Welcome to the forums
To answer your question, there are a few ways.
XSS (Cross-Site Scripting) consists of running maliciious JavaScript on other user's PC. You can use XSS to run a script on a user that will steal their cookie(s) that they have for your website. The attacker can use the cookies and hijack the user's session and take control of his account. Read more on XSS here:
[url]http://en.wikipedia.org/wiki/Cross-site_scripting[/url]
Another technqiue, SQL Injection, consists of exploiting a poorly-filtered query to a database. If proper data-sanitation techniques aren't used on an application or application component that interacts with your database, the attacker can inject extra SQL into the query and run it. For example, if you have a search box that processes the user's input and queries a database to get results, an attacker could run multiple malicious SQL queries from that search box, if you don't filter the user input correctly. Read more on SQL Injection here:
[url]http://en.wikipedia.org/wiki/SQL_injection[/url]
Those are two common vulnerabilities to look out for.
"Workers of the world unite; you have nothing to lose but your chains." -Karl Marx