This kind of attack will let you assume a users identity at a dynamically generated web page or site:
On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?