- Go https://hackxpert.com/ratsite and have a look around
- Take note of Priv levels and what they can or can not do
- Every single parameter '"><img src=x onerror=alert()>
- Focus on BAC, IDORs, XSS, CSRF Option: XXE
- Note down any issues you find
-- Steps
-- Summary
-- Expected results
-- Actual results
-- Remediation steps