# Exploit Title: KoolUploader - PHP Ajax File Upload - File Upload Vulnerability
# Date: 01/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: KoolUploader - PHP Ajax File Upload
# http://demo.koolphp.net/Examples/KoolUploader/Appearance/Styles/index.php
# Tested on: Linux
  
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Inyexion, Login-Root, KikoArg, Ricota, Truenex, _tty0, Big,
Sunplace,Erick Jordan,Animacco ,yojota, Pablin77, SPEED, Knet,
Cereal, Yago, Rash, MagnoBalt, El Rodrix,NetT0xic,Gusan0r,Lucas Apa,
Maxi Soler, Darioxchx,r0dr1,Zer0-Zo0rg, ksha, Zerial,her0

Feliz Cumple Alfonso Cuevas :)
  
  
[Arbitrary File Upload]
the attacker can ulpoad shell.php.jpg 
then we look at http://path/Temp/shell.php.jpg  and we upload the
shell

-------------------------