Friend of mine Jay Turla wrote an article about how SQL injection attacks
can make disaster at your server. Beside the way described here, think about attacks like
poissoning apache's log file to run php code, and etc...
Have fun and remember to do only legal pentests. ;)