{"id":33183,"date":"2020-02-25T04:25:00","date_gmt":"2020-02-25T09:25:00","guid":{"rendered":"http:\/\/blog.cybercon1.com\/?p=33183"},"modified":"2020-02-25T04:25:00","modified_gmt":"2020-02-25T09:25:00","slug":"tesla-pays-10k-for-microsoft-sql-server-reporting-services-bug","status":"publish","type":"post","link":"https:\/\/blog.cyberconservices.com\/index.php\/2020\/02\/25\/tesla-pays-10k-for-microsoft-sql-server-reporting-services-bug\/","title":{"rendered":"Tesla Pays $10K for Microsoft SQL Server Reporting Services Bug"},"content":{"rendered":"\n<p>By\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/author\/ionut-ilascu\/\">Ionut Ilascu &#8211; <\/a>Tesla paid a $10,000 bounty for a vulnerability in Microsoft SQL Server Reporting Services (<strong>SSRS<\/strong>) that had received a patch five days before getting the bug report.<\/p>\n\n\n\n<p>The issue was tagged as a server-side injection that led to remote code execution. German bug hunter\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/parzel2\" target=\"_blank\">parzel<\/a>\u00a0found it in a Tesla server for partners, which qualified for a reward.<\/p>\n\n\n\n<p>Tracked as CVE-2020-0618, the vulnerability received a patch on February 11, just four days before parzel submitted his report via the crowdsourced security platform Bugcrowd.  
<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.google.com\/url?rct=j&amp;sa=t&amp;url=https:\/\/www.bleepingcomputer.com\/news\/security\/tesla-pays-10k-for-microsoft-sql-server-reporting-services-bug\/&amp;ct=ga&amp;cd=CAEYACoTNDkxMDg3ODA4NjgwNjcyMjMzOTIaYjQ4Y2RhZThlMDE1OTE1NDpjb206ZW46VVM&amp;usg=AFQjCNGDyGAyzTMf7hA4m39L2YylVFs5WQ\" target=\"_blank\">Read On:<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By\u00a0Ionut Ilascu &#8211; Tesla paid a $10,000 bounty for a vulnerability in Microsoft SQL Server Reporting Services (SSRS) that had received a patch five days before getting the bug report. 
The issue was tagged as a server-side injection that led <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/blog.cyberconservices.com\/index.php\/2020\/02\/25\/tesla-pays-10k-for-microsoft-sql-server-reporting-services-bug\/\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[37,116],"tags":[171],"class_list":["post-33183","post","type-post","status-publish","format-standard","hentry","category-sql-server","category-ssrs","tag-ssrs"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/33183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/comments?post=33183"}],"version-history":[{"count":0,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/
wp\/v2\/posts\/33183\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media?parent=33183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/categories?post=33183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/tags?post=33183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}