- Visit the search, registration, contact, password reset, and comment forms and hit them with your polyglot strings.
- Scan those specific functions with Burp’s built-in scanner.
- Check your cookie, log out, check cookie, log in, check cookie. Submit old cookie, see if access.
- Perform user enumeration checks on login, registration, and password reset.
- Do a reset and see if; the password comes plaintext, uses a URL based token, is predictable, can be used multiple times, or logs you in automatically.
- Find numeric account identifiers anywhere in URLs and rotate them for context change.
- Find the security-sensitive function(s) or files and see if vulnerable to non-auth browsing (idors), lower-auth browsing, CSRF, CSRF protection bypass, and see if they can be done over HTTP.
- Directory brute for top short list on SecLists.
- Check upload functions for alternate file types that can execute code (xss or php/etc/etc).