|
|
|
|
|
|
by pgo
2129 days ago
|
|
|
Legal, encouraged and rewarded. Bug bounty programs allow hackers doing these kind of explorations. Although most programs advise you not to do anything once you get code execution as it might break things on production, so the final part where they started intercepting traffic might not be something I would do, but they took a calculated risk, that this is is docker container that does no critical work and it would be interesting to see if we could break out of it. So that's fine. You can read up more of such reports at hackerone.com/hackitivity or just searching about bug bounty writeups for X organization |
|
|