Hacker News new | ask | show | jobs
by ctrl_freak 3430 days ago
Yes, I just found out yesterday that setting your referrer to facebook.com/l.php allows you to reliably bypass the paywall.

E.g. http://facebook.com/l.php?u=http://www.wsj.com/articles/poli...
4 comments
ufmace 3430 days ago
Thanks, that does work. Though I still feel a little funny about jumping through a bunch of weird hoops to read news articles.
link
abofh 3430 days ago
Wow, I don't even have a facebook account and that works. That feels like some XSS waiting to happen :/
link
Buge 3430 days ago
It's an open redirect, not XSS. It's a matter of debate whether an open redirect is a vulnerability or not.
link
ufmace 3427 days ago
In case anyone's still here, I made a bookmarklet for it:

javascript:location.href='http://facebook.com/l.php?u='+encodeURIComponent(location.hr...

Make a bookmark with that, call it I'm from Facebook or something, and go to it when you hit a paywall.

link
throwaway40483 3430 days ago
This trick is the only thing that seems to bypass WSJ paywall now
link