The target application, InvoiceManager v2.4 , exposes a REST API endpoint at /api/invoice/preview . The endpoint accepts a template_id parameter, which is used to fetch a Jinja2 template from the database.
Create a template before you start the exam. Here is a proven structure: oswe exam report work
for common OSWE attack chains (like Auth Bypass to RCE). The target application, InvoiceManager v2