Scan the site with WebvulScan
[To see links please register here]
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.
Then exploit any vulnerabilities.
I tend to use SQLMap, or XssPy when exploiting the website
[To see links please register here]
[To see links please register here]
I haven't done website hacking in a while, however, I did a lot of it. Most websites aren't as secure as you'd think