Websense explains how the toolkit works: a php file is to be hidden in a iframe to start the attack. It will then call a perl cgi script which will try to detect what exploit should be used on the victim's computer.

via websenve.com