I was looking around for information on Brotli compression, and came across an article behind protection (login or membership required). Information behind these paywalls is more and more common, as companies are using them to maintain their revenue in a digital era. I, like other people, do not want to log in or create an account to view this content (it is also likely found on another site) - so I poked around to see if the information was accessible without logging in.
Keeping this investigation confidential, I will not be mentioning the website in question or posting any screenshots of what I found. The flaw has also been reported to the company to ensure they can fix their security hole.
How I bypassed the paywall
In articles that implement a paywall, typically the beginning of the online article is visible, but only for a short while. At the end of the readable portion, the text fades out to white, ends abruptly, or is cut off by a "Sign In/Register to view the whole article" button.
Now, having experience with web development, I know a thing or two about websites - mainly that what you see might not be the whole story. Poorly built or rushed websites might look polished, but are very brittle when you start pulling back the covers.
What your brittle website's architecture can look like
The screenshot is from a game called Forts, which is available on Steam. I recommend it if you like physics-based RTS games.
So the first thing I did on this webpage was right-click the text just above the "Sign In/Register to view the whole article" button and choose Inspect, to see if the entire website's contents were really on the page but hidden by CSS.
Where we inspect the text
I didn't find the whole article under the covers, and so I didn't think I'd uncover anything else - until I saw a <script> tag below the previewed content and some code that looked like this:
    if (typeof(readCookie('nsdr')) == 'undefined') {
        // code
    }
I didn't give this much thought and guessed that perhaps they are showing information on the page based on a cookie named nsdr. So I ran the following code in my console and refreshed the webpage:
Lo and behold, I was seeing the entire article! Quite easy, don't you think?
What was wrong
This company is checking on the client side whether a user is allowed to view content, instead of doing what they should be doing: verifying on the server that the user is authenticated (and only then showing the user their content). Learn your lesson and never trust the user.
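To make the difference concrete, here is an added example (not the site's code, which this post does not show) contrasting a response that always contains the full article with one where the server resolves a session before including the body. The article text, the `sid` cookie name, the session store and all function names are assumptions made for illustration.

```javascript
// Constructed sample data; none of it comes from the site in the post.
// The strings contain no markup, so HTML escaping is omitted here.
const ARTICLE = {
  preview: 'Brotli is a lossless compression format...',
  body: 'FULL ARTICLE TEXT (subscribers only)',
};
// Server-side session store: IDs are issued at login and looked up here.
const SESSIONS = new Map([['s-7f3a9c', { user: 'alice', subscriber: true }]]);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Flawed pattern: the full body is always in the response; a script in the
// page decides whether to reveal it based on a cookie the visitor controls.
function renderClientGated(article) {
  return `<div id="preview">${article.preview}</div>` +
         `<div id="full" hidden>${article.body}</div>`;
}

// Hardened pattern: the server resolves the session first and leaves the
// body out of the response entirely unless the session is a subscriber's.
function renderServerGated(article, cookieHeader) {
  const sid = parseCookies(cookieHeader).sid;
  const session = sid ? SESSIONS.get(sid) : undefined;
  const allowed = Boolean(session && session.subscriber);
  return `<div id="preview">${article.preview}</div>` +
    (allowed
      ? `<div id="full">${article.body}</div>`
      : '<a href="/login">Sign In/Register to view the whole article</a>');
}
```

With the hardened version, a cookie the visitor sets themselves changes nothing, because the server only honours session IDs it issued and can look up.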