SQLI, XSS, and CSRF can all be exploited with the approach described. We can make it as generic as possible, and try it against multiple applications to see its effectiveness.