Security Policy
Vulnerability Disclosure Policy
Chinese
This site welcomes responsible disclosure of vulnerabilities by security researchers. If you discover a security issue, please contact me via:
Contact email:
dragonrster@foxmail.com
PGP key: If you need encrypted communication, say so in your email and I will provide my PGP public key.
Basic principles
Do not exploit vulnerabilities to cause damage, modify data, or affect service availability.
Do not publicly disclose vulnerability details until we confirm the fix is complete.
Allow reasonable time for remediation (typically 30-90 days, depending on severity).
Provide sufficient detail so that we can reproduce and fix the issue.
Scope
This policy covers the following assets:
www.dragonrster.cn — Main site and all sub-pages
web_server.py — Self-hosted HTTP server
cgi-bin/ — All CGI scripts (guestbook, editor, search, toolbox, stats)
Out of scope
Third-party services (the moe.dragonrster.cn counter, Neocities badges, etc.)
Subdomain takeover of expired domains
Social engineering attacks
DoS/DDoS attacks
Acknowledgments
Vulnerabilities that are confirmed and fixed will be publicly acknowledged on this page (unless you request anonymity). No external vulnerability reports have been received so far — you may be the first!
English
This site welcomes responsible disclosure of security vulnerabilities.
If you discover a security issue, please contact me:
Contact:
dragonrster@foxmail.com
PGP Key: Available upon request for encrypted communication.
Principles
Do not exploit vulnerabilities to cause damage, modify data, or disrupt service availability.
Do not publicly disclose vulnerability details until we confirm the fix is complete.
Allow reasonable time for remediation (typically 30-90 days, depending on severity).
Provide sufficient detail for us to reproduce and fix the issue.
Scope
This policy covers the following assets:
www.dragonrster.cn — Main site and all sub-pages
web_server.py — Custom HTTP server
cgi-bin/ — All CGI scripts (guestbook, editor, search, toolbox, stats)
Out of Scope
Third-party services (moe.dragonrster.cn counter, Neocities badges, etc.)
Subdomain takeover of expired domains
Social engineering attacks
DoS/DDoS attacks
Acknowledgments
Confirmed and fixed vulnerabilities will be acknowledged on this page (unless you prefer to remain anonymous). No external vulnerability reports have been received yet — you could be the first!