@intigriti
1 - xss, sqli
2 - search regex for cookie, localStorage,graphql, api, token in devtools
3 - curl a dummy request, replace header (origin,referer,host,etc) with localhost/127.0.0.1/internal.target
4 - create account , replace POST with DEL,PATCH,PUT
5 - arjun for hidden param