Share
## https://sploitus.com/exploit?id=PACKETSTORM:174446
# Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure  
# Exploit Author: CraCkEr  
# Date: 19/08/2023  
# Vendor: PlayTube  
# Vendor Homepage: https://playtubescript.com/  
# Software Link: https://demo.playtubescript.com/  
# Tested on: Windows 10 Pro  
# Impact: Sensitive Information Leakage  
# CVE: CVE-2023-4714  
# CWE: CWE-200 - CWE-284 - CWE-266  
  
  
## Greetings  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
  
## Description  
  
Information disclosure issue in the redirect responses, When accessing any page on the website,  
Sensitive data, such as app IDs, is being exposed in the body of these redirects.  
  
  
## Steps to Reproduce:  
  
When you visit most of pages on the website, such as the index page for example:  
  
https://website/  
  
in the body page response there's information leakage for "RazorPay Payment" id KEY  
  
+--------------------------------------+  
razorpay_options = {  
key: "rzp_test_ruz***********"  
+--------------------------------------+  
  
  
Note: The same information leaked, for the app ID KEY, was added to the "Payment Configuration" in the Administration Panel  
  
Settings of "Payment Configuration" in the Administration Panel, on this Path:  
  
https://website/admin-cp/payment-settings  
  
  
[-] Done