CVE-2008-4243

Unreal Tournament 3 WebAdmin < 1.7 - Unauthenticated Path Traversal via ImageServer URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4243. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Unreal Tournament 3's web interface (uWeb) in version 1.3, allowing unauthenticated attackers to download arbitrary files from the server's filesystem.

Description

Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/6506

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Unreal Tournament 3's web interface (uWeb) in version 1.3, allowing unauthenticated attackers to download arbitrary files from the server's filesystem.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Unreal Tournament 3 version 1.3 (builds 3601 and 3614)

No auth needed

Prerequisites: Unreal Tournament 3 server with web interface enabled

MITRE ATT&CK