KoolUploader suffers from a shell upload vulnerability.
a4180579d6c1325723ed5a88719959901cf064a7fc3fb5581c4f0816a85571ec
# Exploit Title: KoolUploader - PHP Ajax File Upload - File Upload Vulnerability
# Date: 01/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: KoolUploader - PHP Ajax File Upload
# http://demo.koolphp.net/Examples/KoolUploader/Appearance/Styles/index.php
# Tested on: Linux
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Inyexion, Login-Root, KikoArg, Ricota, Truenex, _tty0, Big,
Sunplace,Erick Jordan,Animacco ,yojota, Pablin77, SPEED, Knet,
Cereal, Yago, Rash, MagnoBalt, El Rodrix,NetT0xic,Gusan0r,Lucas Apa,
Maxi Soler, Darioxchx,r0dr1,Zer0-Zo0rg, ksha, Zerial,her0
Feliz Cumple Alfonso Cuevas :)
[Arbitrary File Upload]
the attacker can ulpoad shell.php.jpg
then we look at http://path/Temp/shell.php.jpg and we upload the
shell
-------------------------