lain/Paddle-PoC-Token-Replay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
2fb978b3ba4d5ce898e5c7b753209df99fdeaa95
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
lain 2fb978b3ba Add exploit_poc.py
2026-04-12 20:19:45 -04:00
exploit_poc.py
Add exploit_poc.py
2026-04-12 20:19:45 -04:00
readme.MD
Add readme.MD
2026-04-12 20:19:05 -04:00

readme.MD

Paddle Session Replay — Bug Bounty PoC

Research use only. Test against your own account.

What it does

Demonstrates that paddle_session_vendor is the sole auth token on vendors.paddle.com/dashboard/api/userinfo with no IP/UA/device binding.

Install

pip install requests rich

Usage

python exploit.py

paste your paddle_session_vendor token when prompted

Findings

See report.md for full vulnerability writeup.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 30 KiB
Languages
Python 100%