Tell a story about the "scammer" or "fraudster" that buys this. What do they do with it? What do they win, how many times do they win it, and with what likelihood of success? How much work goes into realizing value from the vulnerability before they get their first dollar, or whatever it is they're getting? Is that work already done, or do they have to do it speculatively on this one vulnerability?
Reason your way through it all the way, and you'll see why real vulnerabilities sold on darker markets are paid in tranches, and why nobody pays real money for one-off serversides.
Reason your way through it all the way, and you'll see why real vulnerabilities sold on darker markets are paid in tranches, and why nobody pays real money for one-off serversides.