What a lucky coincidence that the tool the researcher attacked because it allowed code execution was not sandboxed.