For users on systems where lynx is the login shell or somehow the only
program allowed to run, the user can obtain a shell by simply "clicking"
a link that looks like this: foo.
Running hostile code is also easy with this feature:
foo. The login shell
(or something similiar) for eviluser@evilhost.foo prints out a few commands
to run on the victim.
