SQLi through meta refreshes using cookies or useragents. Making SQLi a client-side attack. How much do you want to bet that the person that visits the site the most is the administrator :)

Javascript adding hidden files upload form fields that are auto populated with C:\Windows\System32\config\SAM or C:\Windows\Repair .. yadada. You get the idea.