[halfdeadcat]

So, an exploit using off-the-shelf software. Just awesome.

[tokenizerrr]

Well, yes. If you were going to exploit CGI scripts you'd likely use wget or curl instead of coding an HTTP client from scratch so why is this suprising?

[halfdeadcat]

It's a little surprising because I'm tempted to classify this one as 'requires 0 lines of code'.

[zobzu]

its pretty much the same for CGIs, its a one liner. theres other exploits like that. it happens :)