DoorDash Security Flaw - Email Impersonation Risk


https://ssvpn.fp.guinfra.com/file/69b12362d69e9a08ada593ebuXowRid803

A recent security lapse in DoorDash's infrastructure exposed a vulnerability that allowed malicious actors to impersonate the company with ease. Because the messages were generated and sent by DoorDash's own official mail servers, they arrived as fully authentic-looking communication from the company.

The company has responded promptly by addressing and fixing the vulnerability; however, the incident has sparked a heated debate between the researcher who uncovered the flaw and DoorDash itself. Both parties have accused each other of misconduct amid the dispute.

The weakness was traced back to the company's business platform, which lacked sufficient safeguards. Exploiting this, an attacker could generate fully branded emails from the no-reply@doordash.com address. This capability was demonstrated by a security researcher operating under the pseudonym doublezero7.

This flaw presented a danger, as it could be exploited to carry out targeted phishing attacks or social engineering schemes. An attacker could create a free DoorDash for Business account, then access backend administrative tools to add fictitious employees with any name and email address. They could set expense budgets and craft HTML emails that mimic official DoorDash templates.

These crafted messages, indistinguishable from legitimate correspondence, would be delivered directly to recipients' inboxes without triggering spam filters, significantly increasing the risk of deception and fraud.

https://ssvpn.fp.guinfra.com/file/69b12364d69e9a08ada593f5d77pkIxa03

A cybersecurity expert recently contacted BleepingComputer with proof of a flaw, illustrating potential exploitation methods by malicious individuals.

According to the expert's statement to BleepingComputer, the vulnerability originated in the budget name input field: the value was stored as raw, unsanitized text in the database and later inserted, unescaped, into the HTML body of the notification email.

The researcher explained that by leaving HTML tags unclosed, they could take control of the entire block of text in which the budget details were rendered. Adding display:none styling made it possible to hide the original content completely and replace it with a custom-designed payload.

What the injected markup could do was limited only by the protective mechanisms of the recipient's email client; anything the client did not strip was rendered as-is. The input field accepted most on* event handlers, with the exception of 'onerror', though email platforms typically filter these out, the researcher noted.
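To make the defect concrete, the following added Python example (not DoorDash's code and not the researcher's proof-of-concept) renders a constructed email template two ways: interpolating the budget name raw, as the article describes the flawed behaviour, and escaping it at the point where it enters the HTML body. It also includes a small server-side check that flags budget names containing tags, on* handlers or display:none styling, so that such submissions can be rejected or logged. The template text, field names and sample inputs are assumptions made for this example.

```python
import html
import re

# Constructed notification template (an assumption, not DoorDash's real template).
# The budget name is a free-text field controlled by the business-account admin.
TEMPLATE = (
    "<html><body>"
    "<p>You have been added to the expense budget <b>{budget_name}</b>.</p>"
    "<p>Monthly limit: ${limit}</p>"
    "</body></html>"
)

# Constructed sample input: closes the <b> the template opened and leaves a
# hidden <div> open, the shape of injection the article describes.
CONSTRUCTED_INPUT = 'Travel</b><div style="display:none">'


def render_vulnerable(budget_name: str, limit: int) -> str:
    """Mirrors the reported flaw: the stored value is dropped into the HTML
    body without escaping, so any markup in it becomes part of the email."""
    return TEMPLATE.format(budget_name=budget_name, limit=limit)


def render_hardened(budget_name: str, limit: int) -> str:
    """Fix: escape the user-controlled value where it enters an HTML context.
    html.escape with quote=True also neutralises quotes inside attributes."""
    return TEMPLATE.format(budget_name=html.escape(budget_name, quote=True), limit=limit)


# Conservative defensive checks for a field that should only ever hold a name.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>?")              # a tag, closed or left open
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)  # onclick=, onload=, ...
HIDE_STYLE_RE = re.compile(r"display\s*:\s*none", re.IGNORECASE)


def suspicious_markup(value: str) -> list[str]:
    """Return the categories of HTML-like content found in a budget name.
    An empty list means the value looks like plain text."""
    findings = []
    if TAG_RE.search(value):
        findings.append("html_tag")
    if EVENT_HANDLER_RE.search(value):
        findings.append("event_handler")
    if HIDE_STYLE_RE.search(value):
        findings.append("hidden_style")
    return findings


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(CONSTRUCTED_INPUT, 100))
    print("hardened:  ", render_hardened(CONSTRUCTED_INPUT, 100))
    print("findings:  ", suspicious_markup(CONSTRUCTED_INPUT))
```

Output escaping is the actual fix; the regex check is a second layer that gives the application a place to log or reject values that have no business containing markup, rather than a substitute for escaping.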

The demonstration in the screenshot above, which shows text offering a "claim free 20$ voucher", is a proof-of-concept HTML injection the researcher built through the DoorDash for Business administrative interface, as illustrated in the following image:

https://ssvpn.fp.guinfra.com/file/69b1236861c0265d5ff7d7bbPmjwO49j03

The security researcher highlighted that the email spoofing vulnerability was not exclusive to DoorDash's customer or merchant base, implying that malicious actors could potentially target any recipient with crafted emails mimicking DoorDash branding. This flaw bore a resemblance to a similar, unresolved issue previously identified in Uber’s email infrastructure, which allowed nearly anyone to send messages from uber.com, a problem uncovered by BleepingComputer in 2022.

Before reaching out to BleepingComputer, the researcher took a proactive but somewhat contentious step by publishing a concise report outlining the vulnerability and their efforts to disclose it. They deliberately withheld technical specifics and proof-of-concept details, emphasizing only the simplicity of the flaw: a stored payload embedded in a trusted-looking email template.

The researcher expressed frustration with the lengthy disclosure process, noting that the vulnerability remained exploitable for over 15 months. They criticized the fact that the HackerOne report (#2608277) was marked as "informative" and closed around mid-July 2024 without escalation, despite the flaw being active during that period. It wasn’t until early November, after persistent direct communication with DoorDash, that the company addressed the issue.

The researcher claims their public disclosure was instrumental in prompting the fix, asserting, "Without my public pressure, this vulnerability would still be active today." To verify this timeline, BleepingComputer conducted an independent review, revealing discrepancies between the researcher’s account and DoorDash’s version of events.

According to the company, it did not ignore the vulnerability but considered the pressure from the researcher to have crossed ethical boundaries. An insider indicated that the interactions deteriorated after the researcher demanded significant monetary compensation tied to the disclosure process, an approach DoorDash viewed as outside ethical bug bounty practice. The researcher also refused offers of mediation and reiterated their financial demands.

DoorDash characterized the issue as outside the scope of their bug bounty program and accused the researcher of attempting extortion. A company spokesperson stated, "DoorDash operates a bug bounty program to collaborate with security researchers. In this case, the individual tried to extort us for money and was banned from our program. The reported issue was outside the scope, and our team has addressed it. We remain committed to working with good-faith researchers to protect our platform."

BleepingComputer contacted HackerOne for further clarification. The platform declined to comment on why the report was marked "informative," but a HackerOne spokesperson confirmed that, after review, appropriate actions were taken in line with their policies, including possible bans for misconduct.

The researcher reaffirmed to BleepingComputer that the vulnerability went unpatched for an extended period and admitted to employing questionable tactics, such as demanding payment directly from DoorDash. They explained, "My final email was a conditional offer for a paid NDA in exchange for silence, due to the company's prolonged neglect. DoorDash patched the flaw hours after my ultimatum but ignored my payment request and quietly fixed the issue."

While the flaw enabled convincing email spoofing, it did not lead to a data breach or system access; its primary impact was facilitating phishing attempts. The researcher viewed the silent patch and their subsequent exclusion from the bug bounty program as retaliatory measures. They argued, "My decision to disclose was driven by frustration over the company's neglect and attempts to silence me. Although I questioned the ethics of my actions, I ultimately succeeded in getting the vulnerability addressed."

This case underscores the complexities of vulnerability disclosure, especially when expectations and communication between researchers and companies diverge. A source familiar with the situation clarified that this vulnerability was unrelated to the recent DoorDash breach reported earlier this month.

