The exploit demonstrates a directory traversal vulnerability in mcNews by manipulating the 'skinfile' parameter to access arbitrary files on the server. The PoC URL shows how an attacker can read files outside the intended directory by using '../' sequences.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:mcNews
No auth needed
Prerequisites:Access to the vulnerable mcNews installation