I need some help here. I am trying to use one of the exploits that comes with Metasploit to see if I can re-create an event that happened.

I am running Backtrack4 R2 in Oracle VM and have osCommerce set up on my main machine using the WAMP package.

The version of osCommerce is osCommerce 2.2-MS2.

No matter what I try I can not seem to be able to exploit my machine. As a payload I am using generic/shell_reverse_tcp.

This is the Metasploit page on the exploit: http://www.metasploit.com/modules/exploit/unix/webapp/oscommerce_filemanager.

I have set all the options and tried both IP addresses as VHOST as I thought that might be the problem but it was not.

The Virtual Box is set to bridged networking.

Any help on this one would be welcome.

I was thinking that. Thought I would try it using a free hosting account but try finding one these day's with register_globals and register_array_long both enabled in php.ini...

Are you able to pass traffic between the two machines prior to attempting to exploit it?  If you are, that'll tell you that it's not an interface/routing issue, but something with the exploit itself.