Attacks of this type allow an attacker to send executable code, which will later be made on the Web server. Vulnerability, leading to the possibility of implementing these attacks usually result in the absence of test data provided by the user, before storing them in an interpreted file server.
Before generating an HTML page server can run scripts, such as Server-site Includes (SSI). In some situations, the source code of pages generated based on the data provided by the user. If an attacker sends the server operators SSI, he may be able to perform operating system commands or include the restricted content in the next viewing.