I recently found a bug in a bug bounty program that allowed me to access the premium articles on that site, which would normally need a premium account. I could read them free of cost without any premium account. In keeping with the program's guidelines I am not going to expose its name, so we can refer to it as example.com.

**Vulnerable Endpoint** `https://example.com/articles/article67`

**How I got there** I thought of exploring the premium article page, as it is the most valuable thing on an article site. When I opened the vulnerable endpoint *https://example.com/articles/article67*, I noticed that the page first loads the whole article and then loads the main JS file, which runs the script that hides the article behind the paywall. I noticed it instantly and exploited it accordingly.

**Steps to Reproduce**

- Turn on intercept in Burp Suite while opening the premium article page.
- While Burp Suite captures every request, forward the main HTML response and drop the JS.
- Additionally, forward the images.

This shows you the article without allowing the JS to put a paywall on it, so you can read the premium articles without paying for them.

**Final Thoughts** This often happens when the program intentionally exposes the whole article to rank in SEO, but a malicious actor can still make a script to copy and download the whole database of articles, copying them one by one using this bypass.
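For site owners, the fix is to decide entitlement on the server instead of hiding text with a script. The sketch below is an added example, not code from the program in question: it puts the weak rendering pattern beside a server-side one and adds a regression check. The article data, the function names, `user.hasPremium` and `/static/paywall.js` are all assumptions made for illustration.

```javascript
// Constructed sample article; assumes the body begins with the free teaser.
const article = {
  id: "article67",
  premium: true,
  title: "Constructed premium article",
  teaser: "First paragraph shown to everyone.",
  body: "First paragraph shown to everyone. PREMIUM-PARAGRAPH-2. PREMIUM-PARAGRAPH-3.",
};

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Weak pattern described in the post: the full body is already in the HTML
// and a script loaded afterwards hides it. A client that never runs the
// script still receives the whole article.
function renderClientSidePaywall(a) {
  return `<article><h1>${escapeHtml(a.title)}</h1>` +
    `<div id="body">${escapeHtml(a.body)}</div></article>` +
    `<script src="/static/paywall.js"></script>`;
}

// Hardened pattern: entitlement is checked before rendering, so premium text
// is never serialized into a response for a non-entitled session.
function renderServerSidePaywall(a, user) {
  const entitled = !a.premium || Boolean(user && user.hasPremium);
  const content = entitled ? a.body : a.teaser;
  const upsell = entitled ? "" : `<p class="paywall">Subscribe to read the rest.</p>`;
  return `<article><h1>${escapeHtml(a.title)}</h1>` +
    `<div id="body">${escapeHtml(content)}</div>${upsell}</article>`;
}

// Regression check for CI: does the raw HTML contain text beyond the teaser?
function leaksPremiumBody(html, a) {
  const premiumOnly = a.body.slice(a.teaser.length).trim();
  return premiumOnly.length > 0 && html.includes(escapeHtml(premiumOnly));
}

console.log("client-side paywall leaks:", leaksPremiumBody(renderClientSidePaywall(article), article));
console.log("server-side paywall leaks:", leaksPremiumBody(renderServerSidePaywall(article, null), article));
```

Run the check against the raw response for an unauthenticated request, before any script executes, since that is exactly what the server hands to every client.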

This bug wasn't rocket science to find, but it needed the perspective of a logical hunter. If you want to learn about such amazing logical bugs, you can follow me for that.