I have been mucking around with the hackthissite.org missions every little bit when I get bored just for something to poke at.
I will try to give an explanation of the solution hopefully with out giving it away totally.
What you really need to know is in the description of the mission. (Funny how they mention the path as you would on the system?)
If you tried a regular command injection, you will find pretty quick that it does not work. Something to do a bit a research on is something called Server Side Includes with Apache. See where that leads you.
Also I promise to get back to the Application levels, I have finished the basic missions and wanted to write them up first.