http://localhost/cgi-bin/insecure.cgi?file=insecure.cgi%00loser!