Authored by CraCkEr

PlayTube version 3.0.1 suffers from an information leakage vulnerability.

advisories | CVE-2023-4714

# Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure
# Exploit Author: CraCkEr
# Date: 19/08/2023
# Vendor: PlayTube
# Vendor Homepage:
# Software Link:
# Tested on: Windows 10 Pro
# Impact: Sensitive Information Leakage
# CVE: CVE-2023-4714
# CWE: CWE-200 - CWE-284 - CWE-266

## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter)

## Description

Information disclosure issue in the redirect responses, When accessing any page on the website,
Sensitive data, such as app IDs, is being exposed in the body of these redirects.

## Steps to Reproduce:

When you visit most of pages on the website, such as the index page for example:


in the body page response there's information leakage for "RazorPay Payment" id KEY

razorpay_options = {
key: "rzp_test_ruz***********"

Note: The same information leaked, for the app ID KEY, was added to the "Payment Configuration" in the Administration Panel

Settings of "Payment Configuration" in the Administration Panel, on this Path:


[-] Done