A web application provides an interface through which the web server and the client communicate. Web pages are generated at the server, and browsers present them at the client side. The data is passed between client and server in the form of HTML pages over the HTTP protocol.
Both client-side and server-side vulnerabilities lead to web application attacks.
This involves modifying parameters exchanged between client and server, which may lead to XSS and SQL injection attacks. Usually, HTML data goes as name-value pairs; if the attacker is able to modify the values of the parameters during transfer, it may lead to many other attacks.
Web applications accept user input, and queries are constructed from that dynamic input. If these inputs are not properly sanitised, they open a way for the attacker to launch attacks such as XSS, SQL injection, and directory traversal. Identity theft and data theft are dangerous outcomes of these attacks.
Directory traversal attack:
This is a type of vulnerability where an attacker is able to reach beyond the web root directory into restricted directories on the web server. The attacker is then able to access system files, run OS commands, access configuration information, etc.
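The containment check that keeps a request inside the web root, shown beside the unchecked form, as an added example that is not part of the original page. The web root path, the function names and the sample requests are assumptions constructed for illustration, and the paths assume a POSIX system.

```python
import os
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed web root for this example


def naive_resolve(requested: str, root: str = WEB_ROOT) -> str:
    """Unchecked form: user input is joined to the web root and trusted."""
    return os.path.normpath(os.path.join(root, requested.lstrip("/")))


def safe_resolve(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Return the absolute path to serve, or None if it leaves the web root."""
    decoded = unquote(requested)          # percent-encoded dots and slashes
    if "\x00" in decoded:                 # reject embedded NUL bytes outright
        return None
    root_real = os.path.realpath(root)    # canonical root, symlinks resolved
    candidate = os.path.realpath(
        os.path.join(root_real, decoded.lstrip("/"))
    )
    # Compare whole path components, not string prefixes, so a sibling
    # directory such as /var/www/html_backup does not pass as /var/www/html.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "index.html",
    "css/../index.html",
    "../../../etc/passwd",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd",
    "../html_backup/config.php",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = safe_resolve(req)
        print(f"{req!r:45} naive={naive_resolve(req)!r:35} "
              f"safe={'BLOCKED' if verdict is None else verdict}")
```

The check runs on the canonical path after decoding, so it must be applied to the same string that is finally passed to the file system; decoding again after the check reopens the gap.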