As part of our campaign of holding DHL accountable for their security vulnerabilities - we are now disclosing that the market contains a very simple bug that allows anybody to read any message on the site.
The details are here:
https://gist.github.com/anonymous/97d1e2319b78210606d41f3309aa4c21
If you're a researcher, have a go at the site - almost none of the form parameters on the site are validated - this site is incredibly horrible and nobody should be using it.
The administrators of DHL have not replied to any of our previous reports or messages and it has been over 48 hours. They have promised to give a "truthful" response and not delivered, and referred to previous vulnerability disclosures as "reddit drama" and those reporting bugs as "clowns".
One more note - we are not going to put up with shit from admins, paid spokespeople or shill moderators any longer. We are no longer reporting vulnerabilities as we find them and we are sitting on many more - keep this in mind before you attempt to jump in again and deny or attempt to FUD in this sub.
Props to you-know-who for the tips, everyone working on the DNMs together and the peeps who have PM'd and messaged.
Unmod wombat, ban pelican from the subreddit for admitting to paid shilling, remove DHL from the list.