SQL Injection Vulnerability on Tesla Motors’ Website Exposed Customer Records



A security researcher known as Bitquark has identified an SQL Injection vulnerability on the official website of Tesla Motors. Fortunately, the electric car maker addressed the security hole shortly after being notified of its existence.

Initially, the expert only found some cross-site scripting (XSS) vulnerabilities on Tesla’s website. However, after a while, he found the SQL injection bug in the Tesla Motors design studio, which allows customers to customize their car before placing an order.

The flaw was in a URL shortener that customers can use to share the configuration they’ve created with others. The vulnerability exposed the backend database, including customer records and administrator credentials.

Tesla fixed the problem after being provided with some technical details and a Python script that exploited the security hole.

Additional details are available on Bitquark’s blog.
