Originally posted here by micky05
how can I build a similiar cmd.exe on my server? I'd like to have a customized html
message and have it audited for this type of attack.
Just build your exe the same as you would for a normal CGI exe. Mine was just a series of printf statements. It should return at least these lines:

200 OK
Content-Type: text/html

<html>
<head><title></title></head>
<body>
</body>
</html>

Remember to use \r\n instead of a single \n at the end of every line. Also remember to put an empty line between the Content-Type and <html>.