JSONP Broadcast Auth Demo

Demonstrates the JSONP auth token leakage vulnerability in Laravel's PusherBroadcaster.

How it works:

  1. Log in to establish an authenticated session
  2. The dashboard connects to Reverb via Echo on a private channel
  3. Open the attacker page (exploit/attacker.html) separately
  4. The attacker page steals your auth token via JSONP
  5. The attacker subscribes to the private channel using the stolen token
  6. Send a message from the dashboard — the attacker receives it

See FINDING-JSONP-BROADCAST-AUTH.md for the full vulnerability disclosure.
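
A detection-side view of step 4, as an added example that is not part of the demo or of Laravel: it scans web access logs for broadcast auth requests that ask for a JSONP-wrapped response and records whether they came from another origin. The route path /broadcasting/auth, the query parameter name callback, the combined log format, the application origin and the sample log lines are assumptions or constructed values, not taken from this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the page): auth route, JSONP parameter name, app origin.
AUTH_PATH = "/broadcasting/auth"
JSONP_PARAM = "callback"
APP_ORIGIN = "https://app.example.test"  # constructed

# Combined log format: ip - user [time] "METHOD target proto" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def origin(url):
    """Return scheme://host[:port] for a URL, or "" when it has no origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""

def find_jsonp_auth(lines):
    """Return one finding per auth request that carried the JSONP parameter."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        target = urlsplit(m["target"])
        if target.path.rstrip("/") != AUTH_PATH:
            continue
        if JSONP_PARAM not in parse_qs(target.query, keep_blank_values=True):
            continue  # ordinary JSON auth request
        ref = origin(m["referer"])
        findings.append({
            "ip": m["ip"],
            "method": m["method"],
            "referer_origin": ref or None,
            "cross_site": ref != APP_ORIGIN,  # a missing Referer counts as cross-site
            "succeeded": m["status"] == "200",
        })
    return findings

# Constructed sample log lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "POST /broadcasting/auth HTTP/1.1" 200 98 "https://app.example.test/dashboard" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2025:10:02:11 +0000] "GET /broadcasting/auth?callback=cb HTTP/1.1" 200 120 "https://other.example.test/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2025:10:03:40 +0000] "GET /broadcasting/auth?callback=cb HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_jsonp_auth(SAMPLE_LOG):
        print(finding)
```

A finding with succeeded and cross_site both true is the case to correlate with later private-channel subscriptions from an unexpected client.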