This article should cover attacks based on injecting code into a running application.
If server side scripting is enabled in some address (such as guestbook , where user can insert data) then the SSI attack can be done.
Such as :
will show all the files in current directory is the server is on a UNIX/LINUX machine.
for Windows platform :
This can be used for destructive purpose also , as the commands are executed in root/admin previlage.