This article should cover attacks based on injecting code into a running application.
If server side scripting is enabled in some address (such as guestbook , where user can insert data) then the SSI attack can be done.
Such as :
< !--#exec cmd="ls" -- >
will show all the files in current directory is the server is on a UNIX/LINUX machine.
for Windows platform : < !--#exec cmd="dir"-- >
This can be used for destructive purpose also , as the commands are executed in root/admin previlage.
Such as < !--#exec cmd="format c:"-- >