My first bug bounty, received 250$ for an out-of-scope SQL injection.

https://promo.tw.campaign.yahoo.net/instant-articles/facebook_article.php?no=%275478