Hmm. I'm not sure I can think of anything useful to do, maybe I'm misunderstanding the what you main by "poison url".
From what you linked, the update was named with the shell script included in it, withthe hope that the script that runs that would execute in a shell, yeah?
I'm not sure what to try to use that in the browser.
I have tried this, and it did open a regular file with that name
Code:
<a href="./index$(date).html?var=$(date)">CLICK ME</a> <br />