| Title | PlayTube 3.0.1 - WebPage Content Information Disclosure |
|---|
| Description | # Exploit Title: PlayTube 3.0.1 - WebPage Content Information Disclosure
# Exploit Author: skalvin aka (CraCkEr)
# Date: 19/08/2023
# Vendor: PlayTube
# Vendor Homepage: https://playtubescript.com/
# Software Link: https://demo.playtubescript.com/
# Tested on: Windows 10 Pro
# Impact: Sensitive Information Leakage
## Description
Information disclosure issue in the redirect responses: when accessing any page on the website,
sensitive data, such as app IDs, is exposed in the body of these redirects.
## Steps to Reproduce:
When you visit most pages on the website, such as the index page:
https://website/
the body of the page response leaks the "RazorPay Payment" ID key:
+--------------------------------------+
razorpay_options = {
key: "rzp_test_ruz***********"
+--------------------------------------+
Note: The leaked app ID key is the same value that was added to the "Payment Configuration" settings
in the Administration Panel, on this path:
https://website/admin-cp/payment-settings
[-] Done |
|---|
| User | skalvin (UID 49463) |
|---|
| Submission | 19/08/2023 10:10 PM (3 years ago) |
|---|
| Moderation | 01/09/2023 02:57 PM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 238577 [PlayTube 3.0.1 Redirect information disclosure] |
|---|
| Points | 17 |
|---|
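
A defender-side check for the condition described in the advisory, as an added example that is not part of the original submission: it scans captured HTTP responses for the `razorpay_options` key fragment and marks the ones found in redirect (3xx) bodies. The function names and the sample responses are constructed for illustration; the `rzp_live_` prefix is covered alongside the `rzp_test_` prefix shown in the advisory.

```python
import re

# Matches the `razorpay_options = { key: "..." }` fragment quoted in the advisory.
# Razorpay key IDs start with rzp_test_ or rzp_live_. The closing brace is not
# required, so a truncated fragment still matches.
KEY_RE = re.compile(
    r"""razorpay_options\s*=\s*\{[^}]*?\bkey\s*:\s*["'](rzp_(test|live)_[^"']+)["']"""
)

def redact(value, keep=12):
    """Keep only a short prefix so the audit report does not re-leak the value."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def audit_response(url, status, body):
    """Return one finding per key fragment in a captured response body."""
    findings = []
    for m in KEY_RE.finditer(body):
        findings.append({
            "url": url,
            "status": status,
            # The advisory's case: content served in the body of a redirect.
            "in_redirect_body": 300 <= status < 400,
            "mode": m.group(2),
            "key": redact(m.group(1)),
        })
    return findings

# Constructed sample responses (hypothetical, not captured from any real site).
SAMPLES = [
    ("https://website/", 302,
     '<script>razorpay_options = {\n  key: "rzp_test_EXAMPLEexample00",\n'
     '  amount: 0\n};</script>'),
    ("https://website/about", 302, ""),  # redirect with an empty body: no finding
    ("https://website/checkout", 200,
     "<script>razorpay_options = { key: 'rzp_live_EXAMPLEexample11' };</script>"),
]

def audit_all(samples=SAMPLES):
    """Audit every (url, status, body) tuple and collect the findings."""
    findings = []
    for url, status, body in samples:
        findings.extend(audit_response(url, status, body))
    return findings

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Findings with `in_redirect_body` set are the ones that correspond to the advisory; the fix on the application side is to stop rendering page content once the redirect has been issued.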