Paddle-PoC-Token-Replay/readme.MD
2026-04-12 20:19:05 -04:00

Paddle Session Replay — Bug Bounty PoC

Research use only. Test against your own account.

What it does

Demonstrates that paddle_session_vendor is the sole auth token on vendors.paddle.com/dashboard/api/userinfo with no IP/UA/device binding.
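The missing binding can also be seen from the server side. The following detection sketch is an added example, not code from this repository or from Paddle: it flags sessions whose token appears from more than one client fingerprint. The log line format, the sample records, and the names `token_id` and `find_replay_candidates` are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample records (not real traffic); the line format is an assumption.
SAMPLE_LOG = """\
2026-04-12T10:00:01Z sess=AAA111 ip=198.51.100.7 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"
2026-04-12T10:00:09Z sess=BBB222 ip=203.0.113.20 ua="Mozilla/5.0 (Macintosh) Safari/605.1.15"
2026-04-12T10:03:44Z sess=AAA111 ip=192.0.2.55 ua="python-requests/2.31.0"
2026-04-12T10:04:02Z sess=AAA111 ip=198.51.100.7 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"
2026-04-12T10:20:30Z sess=BBB222 ip=203.0.113.21 ua="Mozilla/5.0 (Macintosh) Safari/605.1.15"
"""

LINE = re.compile(r'(\S+) sess=(\S+) ip=(\S+) ua="([^"]*)"')

def token_id(token):
    """Short SHA-256 digest so raw session tokens never land in alerts."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def find_replay_candidates(log_text):
    """Map token digest -> sorted reasons the session looks replayed."""
    seen = defaultdict(list)   # digest -> fingerprints in order of first use
    last = {}                  # digest -> fingerprint of the previous request
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue           # skip lines that do not match the assumed format
        _ts, token, ip, ua = m.groups()
        sid, fp = token_id(token), (ip, ua)
        if sid in last and fp != last[sid]:
            base_ip, base_ua = seen[sid][0]   # first fingerprint is the baseline
            if ua != base_ua:
                alerts[sid].add("user_agent_changed")
            if ip != base_ip:
                alerts[sid].add("ip_changed")
            if fp in seen[sid]:
                # Switched back to an earlier client: two clients share one token.
                alerts[sid].add("interleaved_clients")
        if fp not in seen[sid]:
            seen[sid].append(fp)
        last[sid] = fp
    return {sid: sorted(reasons) for sid, reasons in alerts.items()}

if __name__ == "__main__":
    for sid, reasons in find_replay_candidates(SAMPLE_LOG).items():
        print(sid, reasons)
```

An IP change alone is common for roaming clients, so it is reported separately from a User-Agent change or interleaved use, which are the stronger signals.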

Install

pip install requests rich

Usage

python exploit.py

Paste your paddle_session_vendor token when prompted.

Findings

See report.md for full vulnerability writeup.