Security & Code Blog

Security and code discussion, with dissections of recent vulnerabilities discovered as part of vendor bug bounty programmes. Don't forget to participate with comments and feedback!

Tesla Motors blind SQL injection


Tesla Motors are cool. Founded by Elon Musk of PayPal and SpaceX fame, they design, build and sell next generation electric cars, which with the right infrastructure could help mitigate global warming and improve the quality of life in general. I'm into that, so when they launched a security responsible disclosure programme I took a look.

Tesla make extensive use of Drupal with a handful of plugins, and security is pretty tight. With a few hours poking around I'd covered most of the site and found a few XSS vulnerabilities, a couple of which were hard to exploit, and an easier to exploit vector in a non-Drupal script I found referenced in a commented out link.

RSS Feed

Showing posts from Sunday, 23rd February 2014.