by jansommer 2115 days ago
Damn, didn't know $1750 was low. I got something similar for reporting an exploit to Microsoft, where opening an attached ICS/calendar entry in Outlook's web client allowed me to execute arbitrary JavaScript on outlook.microsoft.com as the current user. Should have asked for more!
3 comments

It sounds like you got $1750 for an XSS-equivalent attack. That's high for XSS.
Yes... yes you should have.
I wouldn't beat yourself up over it. There's probably room to develop an exploit valuation model that better helps to translate (time spent on research) + (X% of business/customer impact), where X is a pretty low figure, otherwise companies would never stay in business.

Don't undervalue the intangible permanence of doing the right thing; character outlasts cash come the grave.