Security Policy for https://d3m1r.com
Last Updated: 3/5/2025
1. Introduction
At https://d3m1r.com, security is a top priority. We are committed to maintaining the CIA Triad (confidentiality, integrity, and availability) of our website and its content. This policy outlines our responsible disclosure process for reporting security vulnerabilities.
2. Responsible Disclosure
If you believe you have discovered a security vulnerability on this website, we encourage you to report it to us responsibly. Please follow these guidelines:
- Do not exploit the vulnerability (unless discovering the reasonably potential vulnerability requires it). Accessing, modifying, or deleting any data beyond what is necessary to demonstrate the vulnerability is strictly prohibited.
- Do not publicly disclose the issue before we have had a reasonable opportunity to investigate and implement a fix.
- Provide detailed information including:
  - Steps to reproduce the issue
  - Potential impact
  - Any proof-of-concept code (if applicable)
- Respect user privacy. Do not attempt to access personal data (in this case, security logs or Hostinger logs, as described in the Privacy Policy).
- Report the issue privately via our secure contact form.
3. What to Report
We are particularly interested in vulnerabilities related to:
- Cross-Site Scripting (XSS)
- SQL Injection (SQLi)
- Remote Code Execution (RCE)
- Authentication Bypasses
- Data Exposure
- Any other vulnerabilities that could compromise the security of our users or infrastructure
4. What NOT to Report
The following are out of scope and should not be reported:
- Denial-of-Service (DoS/DDoS) attacks
- Spamming or social engineering
- Issues in third-party services (Hostinger, hCaptcha, etc.)
- Non-security related bugs (e.g., UI/UX issues, broken links)
5. Our Commitment
We will:
- Acknowledge receipt of your report within 48 hours.
- Investigate the reported issue and provide an update within 7 days.
- Take appropriate action to resolve the issue in a timely manner.
- If applicable, publicly credit researchers in the Hall of Fame and through a public post (both, of course, only with permission).
6. Legal Considerations
This website operates under the principle of good-faith security research and responsible disclosure. As long as you adhere to this policy:
- We will not take legal action against researchers reporting in good faith.
- We will work with you to address the issue appropriately.
- However, unauthorized access, data modification, or disruptive testing is strictly prohibited and may result in legal consequences.
7. Contact Information
For security-related inquiries, please contact us at:
- PGP Key: Does not exist
- security.txt: https://d3m1r.com/.well-known/security.txt
- Contact form
8. Policy Updates
This security policy may be updated periodically. Any changes will be reflected on this page with an updated “Last Updated” date.