Tesla paid me $10,000 because of Directory Indexing

InfiltrateOps
Sep 25, 2022
$10,000 Bounty for Directory Indexing

Many people are interested in trying Bug Bounties, but they feel they won’t be able to find anything. I hope that my success will serve as an example for others who are thinking about bounty hunting. Below is a simple write-up describing how I was able to identify a priority 1 issue with ease.

On February 26, 2021, I disclosed a vulnerability that I had identified on a publicly-facing website owned by Tesla. This was part of a Bug Bounty program, where rewards were given for finding security vulnerabilities. The vulnerability allowed me to gain access to sensitive information, with the most sensitive finding being an IKE pre-shared key which could have been leveraged to connect to the Tesla Corporate network.

I’ll walk you through the process I followed in order to find the vulnerability below. Just as a heads up, don’t expect anything incredibly clever. This was low-hanging fruit that paid off big time!

After enumerating sub-domains and identifying servers that were listening on TCP ports 80 and 443, I simply used dirb with standard wordlists against all targets.

After a few hours of directory busting, one finding stood out to me. I observed that the /uploads directory on https://trt.teslamotors.com had Directory Indexing enabled. This meant that I could browse through all of the files that were stored in that directory.

Within this directory, I found files that were sensitive to Tesla.

After perusing the various files in the /uploads directory, I observed a zip file named “pdx01.zip” and when I downloaded it, I found a number of configuration files inside. Within these files, I was able to find a VPN pre-shared key that would allow me to authenticate to the Tesla corporate network. I also found WiFi passwords for Tesla stores, and RADIUS passwords.

Configuration files containing hashes and clear text passwords for Tesla Motors

I reported this issue to Tesla through their Bugcrowd Bug Bounty Program.

Tesla has since fixed the issue and I want to commend them for their responsiveness.

This is an excellent example of a company that takes security seriously and rewards those who help them identify and fix issues.
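
For site owners, the same condition can be checked against their own servers. The following is an added example, not part of the original write-up: it decides whether an HTTP response body is an auto-generated index page (assuming the Apache/nginx "Index of /" title) and returns the listed files whose extensions merit review. The function names, extension list and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Apache mod_autoindex and nginx autoindex both title their pages "Index of /path".
LISTING_TITLE = re.compile(r"^\s*Index of /", re.I)
# Constructed list of extensions worth reviewing when a directory is listable.
RISKY_EXT = (".zip", ".tar", ".gz", ".7z", ".bak", ".sql", ".conf", ".cfg", ".pem", ".key")


class ListingParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit_listing(body):
    """Return (is_listing, risky_files) for one HTTP response body."""
    parser = ListingParser()
    parser.feed(body)
    if not LISTING_TITLE.match(parser.title):
        return False, []
    # Drop sort links (?C=N;O=D), the parent-directory link and subdirectories.
    files = [h for h in parser.links
             if not h.startswith(("?", "/", "..")) and not h.endswith("/")]
    return True, sorted(f for f in files if f.lower().endswith(RISKY_EXT))


# Constructed sample: an Apache-style index page for an uploads directory.
SAMPLE = """<html><head><title>Index of /uploads</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> <a href="images/">images/</a>
<a href="logo.png">logo.png</a> <a href="site-backup.zip">site-backup.zip</a>
<a href="router.conf">router.conf</a></body></html>"""

if __name__ == "__main__":
    print(audit_listing(SAMPLE))  # (True, ['router.conf', 'site-backup.zip'])
```

A positive result on a path that accepts uploads or holds backups is the signal to disable auto-indexing for that location and move archives and configuration exports out of the web root.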


Red Team hacker by day, bug bounty hunter by night. Sniffing bugs so you can sniff the roses. Chill, I'm on it.