lain/Paddle-PoC-Token-Replay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1 Commit 1 Branch 0 Tags
a6d3e3c1d569559fb5cd3b7a0e5df903edd0d8d8
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
lain a6d3e3c1d5 Add readme.MD
2026-04-12 20:19:05 -04:00
readme.MD
Add readme.MD
2026-04-12 20:19:05 -04:00

readme.MD

Paddle Session Replay — Bug Bounty PoC

Research use only. Test against your own account.

What it does

Demonstrates that paddle_session_vendor is the sole auth token on vendors.paddle.com/dashboard/api/userinfo with no IP/UA/device binding.

Install

pip install requests rich

Usage

python exploit.py

paste your paddle_session_vendor token when prompted

Findings

See report.md for full vulnerability writeup.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 30 KiB
Languages
Python 100%