Welcome, stmalt. Glad you stopped by.
A real basic method is to tweak the URL and see what you can get. Watch especially for cgi directories. Sometimes the admin doesn't secure them and by running the scripts, you can find all kinds of goodies.
Also, when you find an inquiry or selection box, do a query and then look at your temp internet files. Sometimes you can change those queries and find silver.
For example,
http://server1/abc/PopupXML.asp?A0=10&A1=U...|%20asc&A3=&A4=11,9,8,1028,52,37,39,24,25,1032&A5=10&A6=1&A7=0&A8=0&A9=-2.19907407881692E-04&A10=
This is a query for all records for Jones in a particular system. The data shown is for fields referenced by 11,9,8,1028,52,37,39,24,25,1032&A5. In some systems, you can change the 11 to 12, 9 to 15, etc., and retrieve different information than your original query requested (you have no idea what 12 or 15 represents, but you could get lucky).
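
Seen from the server side, the field swapping described in the post works only when the application trusts the field IDs in the query string. The following is an added example, not part of the original post, of checking the A4 list against a per-role allow-list before any data is read; the role names, the allow-list contents and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical per-role allow-list. The field IDs come from the URL in the
# post; what they mean and which role may read them are assumptions.
ALLOWED_FIELDS = {
    "clerk": {8, 9, 11, 24, 25, 37, 39, 52, 1028, 1032},
    "guest": {8, 9, 11},
}
MAX_FIELDS = 32  # assumed upper bound on fields per request

# Constructed sample requests (only the A4 parameter matters here).
ORIGINAL_URL = "http://server1/abc/PopupXML.asp?A4=11,9,8,1028,52,37,39,24,25,1032&A5=10"
TAMPERED_URL = "http://server1/abc/PopupXML.asp?A4=12,15,8,1028,52,37,39,24,25,1032&A5=10"


class FieldAccessDenied(Exception):
    """Raised when a request names a field the caller's role may not read."""


def parse_field_ids(url):
    """Extract the A4 field list as integers, rejecting malformed input."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("A4", [])
    if len(values) != 1:
        raise ValueError("A4 must appear exactly once")
    parts = values[0].split(",")
    if len(parts) > MAX_FIELDS:
        raise ValueError("too many fields requested")
    ids = []
    for part in parts:
        if not (part.isascii() and part.isdigit()) or len(part) > 6:
            raise ValueError(f"malformed field id: {part!r}")
        ids.append(int(part))
    return ids


def authorize_fields(url, role):
    """Return the requested field IDs only if the role may read every one."""
    requested = parse_field_ids(url)
    allowed = ALLOWED_FIELDS.get(role, set())
    denied = [f for f in requested if f not in allowed]
    if denied:
        # Fail the whole request instead of silently dropping fields, so the
        # tampering attempt surfaces in application logs.
        raise FieldAccessDenied(f"role {role!r} may not read fields {denied}")
    return requested
```

The role passed to `authorize_fields` has to come from the authenticated session, never from the request itself.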