A curated collection of Google Dorks for reconnaissance and vulnerability discovery in bug bounty programs.
⚠️ ETHICAL & LEGAL USE ONLY
This cheatsheet is intended for authorized security testing only. Always obtain explicit permission before testing any target. Never attempt to access, download, or modify data without authorization. Use these techniques responsibly and in compliance with all applicable laws and terms of service.
SQL Injection Hunting
inurl:".php?id="
Find pages with ID parameters (common SQLi target)
inurl:"product.php?id="
E-commerce product pages that may be vulnerable to SQLi
inurl:"category.php?id="
Category pages with dynamic parameters
inurl:"news.php?id=" OR inurl:"article.php?id="
News/article sites with SQLi potential
inurl:"index.php?id=" intext:"View Details"
Detail view pages with ID parameters
🎯 XSS Vulnerability Hunting
inurl:"search.php?q="
Search pages that may reflect user input
inurl:"contact.php?subject=" OR inurl:"feedback.php?msg="
Step 1 - Discovery: Use dorks like site:target.com inurl:".php?id=" to find potential targets.
Step 2 - Testing (Authorized Only!): For SQLi, test with id=1' and look for errors. For XSS, test with q=<script>alert(1)</script>.
Step 3 - Manual Verification: Never use automated scanners on unauthorized targets. Test manually with harmless payloads.
Step 4 - Responsible Disclosure: If you find a vulnerability (and have authorization), report it through proper channels.
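From the site owner's side, the Step 2 probes leave a recognizable trace in web server access logs. The following Python script is an added example, not part of the original cheatsheet: it scans access-log lines for non-numeric id values and script tags in query parameters. The log lines are constructed sample data, and the function names and the ID_PARAMS set are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /product.php?id=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /product.php?id=1%27 HTTP/1.1" 500 120
198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2025:10:01:05 +0000] "GET /search.php?q=o%27reilly+books HTTP/1.1" 200 640
192.0.2.9 - - [01/Jan/2025:10:02:00 +0000] "GET /news.php?id=42 HTTP/1.1" 200 300
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
ID_PARAMS = {"id"}  # assumption: parameters that should only ever hold digits
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

def classify(url):
    """Return a list of (parameter, reason) findings for one request URL."""
    findings = []
    # parse_qsl percent-decodes values, so %27 and %3Cscript%3E are checked decoded
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in ID_PARAMS and not value.isdigit():
            findings.append((name, "non-numeric value in id parameter"))
        if SCRIPT_TAG.search(value):
            findings.append((name, "script tag in parameter value"))
    return findings

def scan(log_text):
    """Return (client, url, status, findings) for log lines that look like probes."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, url, status = m.groups()
        findings = classify(url)
        if findings:
            # A 5xx status on a flagged id request suggests the input reached the query unvalidated
            hits.append((client, url, int(status), findings))
    return hits
```

The apostrophe in the search term on the fourth sample line is not flagged, since a quote is legitimate in free-text search. Only parameters expected to be numeric are held to the digits-only rule.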
🚨 CRITICAL ETHICAL NOTES FOR SQLi/XSS HUNTING
⚠️ TEST ONLY AUTHORIZED TARGETS: Only test sites you own or have explicit permission to test (bug bounty programs).
⚠️ USE HARMLESS PAYLOADS: For SQLi, use ' (single quote) not DROP TABLE. For XSS, use alert(1) not malicious scripts.
⚠️ NEVER ACCESS DATA: Even if you find SQL injection, never access, download, or modify database contents.
⚠️ CHECK PROGRAM RULES: Each bug bounty program has specific rules - read them before testing!
⚠️ YOU ARE RESPONSIBLE: You bear full legal responsibility for how you use these techniques.