Being hacked means that someone (or something) has gained access to your website files without your permission. There are many things a hacker might do once they are inside your website: Steal personal information like client data and credit card details.
Watch this youtube channel to know all about hacking, it contains information about most of the present ways of hacking and toutorials to hackthebox etc. zsecurity and devnull
Possible ways of hacking a website :
-- Code execution or file upload vulnerability : only allow users to upload files of non executable and secured formats like pdf .
-- Sql injection : check here and here
-- Cross site scripting : check here
-- hacking the server : This can be done by finding exploits on the open ports of the server on which the website is stored . First do information gathering using tools like nmap and then try finding exploits for the services on the open ports using tools like metasploit.
-- client side attacks : This is the final stage when a hacker can't hack using any of the above methods. check a tutorial here
Here is a list of handy SQL Injection Cheat Sheets:
- Port Swigger SQL Cheat Sheet
- NetSparker SQL Injection Cheat Sheet -- Quite informative
We hope you that you make your web applications keeping above things in mind ✌️