Well, yes. If you were going to exploit CGI scripts you'd likely use wget or curl instead of coding an HTTP client from scratch so why is this suprising?

It's a little surprising because I'm tempted to classify this one as 'requires 0 lines of code'.

its pretty much the same for CGIs, its a one liner. theres other exploits like that. it happens :)