Back to Library

Google Dork: intext:"CVSS score" AND "eligible...

Finds pages referencing CVSS scoring and reward eligibility for vulnerability reports outside major bounty platforms.

Intermediate
Safe to use
files

Google Dork Query:

intext:"CVSS score" AND "eligible for a reward" -hackerone -bugcrowd
0
Not verified

What It Does

This dork uses 'intext:' to find pages mentioning 'CVSS score' alongside 'eligible for a reward' while excluding HackerOne and Bugcrowd. It discovers independent bug bounty programs that use CVSS severity scoring to determine reward amounts, revealing organizations running their own vulnerability reward programs.

Common Use Cases

  • Independent Bounty Discovery: Find bug bounty programs that operate outside HackerOne and Bugcrowd with CVSS-based reward tiers.
  • Reward Structure Research: Study how organizations tie CVSS severity scores to monetary rewards in their independent programs.
  • High-Value Target Identification: Locate programs with CVSS-based payouts where critical severity findings yield the highest rewards.

How to Use Safely

  1. Run the dork in Google to find pages with CVSS-based reward eligibility criteria.
  2. Review the reward tiers and how they map to CVSS severity levels.
  3. Note the scope, eligible vulnerability categories, and submission process.
  4. Prioritize programs based on reward amounts and your vulnerability research expertise.

Responsible Use Required

This dork should only be used on systems you own or have explicit authorization to test. Unauthorized access to computer systems is illegal. Always follow ethical guidelines and obtain proper permission before testing.

Related Dorks

Find PHP Files

Locates password and credential files containing authentication credentials that have been inadvertently exposed to public indexing.

Find PAC Files

Finds proxy auto-configuration (PAC) files that have been inadvertently exposed on web servers and indexed by search engines.

Find Live View / - AXIS Pages

Finds live view / - axis pages that have been inadvertently exposed on web servers and indexed by search engines.