If you're exploit using existing code (which would be limited), but if you want to inject code you typically need to put on the stack. Maybe one could inject code into the .bss/.data section, but this is probably protected from execution as well. The .text section is probably read only.
