Check out One Line of Code that Compromises Your Server (Part 2) by Martin Fowler. Here is an excerpt:
Now that Jack has the session key, he moves on to
show how he can use it to gain administrative rights on the application, and further to
get a shell on the server itself. He wraps up with some advice on how to prevent
these kinds of attacks.