Paywalls vulnerables en diarios digitales — La Nueva España | by Miguel Martínez Serrano | Medium

Vulnerable Paywalls in Digital Newspapers

The article discusses a vulnerability in the paywall system of several digital newspapers belonging to the Prensa Ibérica publishing group, including La Nueva España. The vulnerability allows users to access premium content without a subscription.

Exploiting the Vulnerability

The author demonstrates how to bypass the paywall using two methods:

• Using browser developer tools (F12) to remove CSS classes that hide the premium content.
• Using a browser extension, such as Custom JavaScript for websites, to automatically remove the classes and display the content.

The vulnerability stems from the fact that the full article content is still sent by the server, even to non-subscribers. It's simply hidden with CSS styling.

Improving Paywall Security

The author provides recommendations for developers to create more secure paywalls:

• Servers should not send the complete article content to non-subscribers.
• Validations should be performed on the server-side, not just client-side.

The article emphasizes that the vulnerability is easily exploited, highlighting the importance of robust security measures in web development.