by toong 2126 days ago
Are those kinds of explorations even legal? I understand there were no wrong intentions, just curiosity.

I want to read more about things like this, but it feels reckless on the author's part?!

1 comments

Legal, encouraged and rewarded. Bug bounty programs allow hackers to do these kinds of explorations. Although most programs advise you not to do anything once you get code execution as it might break things on production, so the final part where they started intercepting traffic might not be something I would do, but they took a calculated risk, that this is a Docker container that does no critical work and it would be interesting to see if we could break out of it. So that's fine.

You can read up more of such reports at hackerone.com/hackitivity or by just searching for bug bounty writeups for X organization.

Would it be illegal without the clear terms allowing it in the context of a bug bounty program?
Almost certainly
Your HackerOne link:

"Page not found

The page you are looking for does not exist. "