Re: Welcome to bug bounties
I found an SQLi (which went further with outfile which could pivot to a shell and the application was run as root for some reason) in a piece of software that the vendor sold to multiple orgs, meaning it was vulnerable for every customer.
I got £40. I thought being paid beer money for stuff was limited to fixing your mum's printer, but I'm loath to try and ask for more as the industry has too many stories of a company just flat out screaming blackmail, terminating safe harbour and threatening to call the cops if you object to the pittance.
And that's not even mentioning a newbie triage guy saying "not in scope we don't own that company" for a huge vuln; the other triage guy gave me 5k for a smaller bug which got fixed on the same software. Go get him!