A security researcher known as Bitquark has identified an SQL injection vulnerability on the official website of Tesla Motors. Fortunately, the electric car maker addressed the security hole shortly after being notified of its existence.
Initially, the expert only found some cross-site scripting (XSS) vulnerabilities on Tesla’s website. However, after a while, he found the SQL injection bug in the Tesla Motors design studio, which allows customers to customize their car before placing an order.
The flaw plagued a URL shortener that customers can use to share the configuration they’ve created with others. The vulnerability exposed the backend database, including customer records and administrator credentials.
Tesla fixed the problem after being provided with some technical details and a Python script that exploited the security hole.
Additional details are available on Bitquark’s blog.