Add readme.MD

2026-04-12 20:19:05 -04:00
commit a6d3e3c1d5
1 changed files with 17 additions and 0 deletions
--- a/readme.MD
+++ b/readme.MD
@@ -0,0 +1,17 @@
+# Paddle Session Replay — Bug Bounty PoC
+
+> Research use only. Test against your own account.
+
+## What it does
+Demonstrates that `paddle_session_vendor` is the sole auth token on
+`vendors.paddle.com/dashboard/api/userinfo` with no IP/UA/device binding.
+
+## Install
+pip install requests rich
+
+## Usage
+python exploit.py
+# paste your paddle_session_vendor token when prompted
+
+## Findings
+See report.md for full vulnerability writeup.