To report a web vulnerability send us a crypted email to submit <at> secureless <dot> org with subject "<newhost> http://foo.bar/vuln" using our PGP Public Key using the following syntax:

HOST: Main URL

TYPE: Full named vulnerability. Only "SQL Injection", "Auth Bypass", "Directory Traversal", "File/Data Exposure", "Data Leak", "Full Path Disclosure", "Local File Include", "Cross Site Scripting", "Arbitraty File Upload", "Arbitrary File Download", "Remote File Include", "Full Path Disclosure" and "Remote Code Execution" are allowed here. If you want to suggest a new type of vulnerabilities please send us a contact email to contact <at> secureless <dot> org.

VULN: Vulnerable URL

STAT: Status of the report. Only "Unreported", "Reported" and "Fixed" are allowed.

DATE: Date of your report. If null, will be set to current date and time.

INFO: Put any comments about the vulnerability here. The comment/info text will be truncated to 600 chars.

Example:

HOST: http://domain.com
TYPE: SQL Injection
VULN: http://some.domain.com/ble.php?id=';%20--
STAT: Unreported
DATE: April 10, 2015
INFO: It was reported two years ago but has not been fixed. Exploiting,
you can access to all databases.

note: keep first word uppercased (HOST, TYPE, VULN, STAT, DATE and INFO).
note2: messages without secureless-format nor crypted will be rejected.
note3: In a future, you'll can submit a vulnerability using a form :)