Lucene search
CraCkErPACKETSTORM:174446HistorySep 02, 2023 - 12:00 a.m.
PlayTube 3.0.1 Information Disclosure
2023-09-0200:00:00
CraCkEr
packetstormsecurity.com
163
playtube
sensitive information
data leakage
information disclosure
cve-2023-4714
redirect issue
web security
app ids
administration panel
0.605 Medium
EPSS
Percentile
97.8%
`# Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure
# Exploit Author: CraCkEr
# Date: 19/08/2023
# Vendor: PlayTube
# Vendor Homepage: https://playtubescript.com/
# Software Link: https://demo.playtubescript.com/
# Tested on: Windows 10 Pro
# Impact: Sensitive Information Leakage
# CVE: CVE-2023-4714
# CWE: CWE-200 - CWE-284 - CWE-266
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
Information disclosure issue in the redirect responses, When accessing any page on the website,
Sensitive data, such as app IDs, is being exposed in the body of these redirects.
## Steps to Reproduce:
When you visit most of pages on the website, such as the index page for example:
https://website/
in the body page response there's information leakage for "RazorPay Payment" id KEY
+--------------------------------------+
razorpay_options = {
key: "rzp_test_ruz***********"
+--------------------------------------+
Note: The same information leaked, for the app ID KEY, was added to the "Payment Configuration" in the Administration Panel
Settings of "Payment Configuration" in the Administration Panel, on this Path:
https://website/admin-cp/payment-settings
[-] Done
`
Related
cve
cve
CVE-2023-4714
2023-09-01 20:15:08
cvelist
cvelist
CVE-2023-4714 PlayTube Redirect information disclosure
2023-09-01 20:00:08
prion
prion
Information disclosure
2023-09-01 20:15:00
zdt
zdt
PlayTube 3.0.1 Information Disclosure Vulnerability
2023-09-04 00:00:00
nvd
nvd
CVE-2023-4714
2023-09-01 20:15:08
nuclei
nuclei
PlayTube 3.0.1 - Information Disclosure
2023-09-14 15:08:32