Kunena 6.3.0 released

The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3

Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Information disclosure when reporting posts.

heyai
Topic Author
Offline
New Member

6 years 2 months ago - 6 years 2 months ago #1 by heyai

Information disclosure when reporting posts. was created by heyai

Aloha,

This is a real fringe scenario, but you should know.

When a user reports a post, e-mails are sent to moderators.
In this case, emails are sent using SMTP.
A moderator has an e-mail address from the same domain as the SMTP domain.
The moderator's e-mail address was deleted from the server but is still set in their user account.

Now, the SMTP server returns an error message about the e-mail not existing, this error is displayed to the user.

So, yeah, there is information disclosure about e no-longer existing e-mail address.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 300 seconds | Max execution memory: 256M | Max file upload: 8M

Kunena menu details:

Warning: Spoiler!

ID Name Menutype Link Path In trash

218 Admin Forum mainmenu view=category&catid=5 forum/admin-forum No

215 Main Forum mainmenu view=home&defaultmenu=202 forum/main No

175 Recent Topics mainmenu view=topics&mode=replies forum/recent No

259 Unanswered Topics mainmenu view=topics&mode=noreplies forum/unanswered-topics No

178 My Topics mainmenu view=topics&layout=user&mode=default forum/mylatest No

193 My Thank Yous mainmenu view=topics&layout=posts&mode=thankyou forum/my-thank-yous No

208 My Favourite mainmenu view=topics&layout=user&mode=favorites forum/my-favourite No

209 My Subscriptions mainmenu view=topics&layout=user&mode=subscriptions forum/my-subscriptions No

253 Statistics mainmenu view=statistics forum/statistics No

260 PG 13 mainmenu view=category&catid=22 forum/pg-13 No

213 Search Forum mainmenu view=search search/forum No

210 Admin Forum mainmenu view=category&catid=5 admin/forum No

203 Moderate Forum Posts mainmenu view=topics&layout=posts&mode=unapproved&userid=0 admin/moderate-forum-posts No

144 Forum mainmenu view=category&layout=list&catid=0 kunena Yes

Joomla default template details : protostar | author: Kyle Ledbetter | version: 1.0 | creationdate: 4/30/2012

Kunena default template details : Crypsis | author: Kunena Team | version: 5.0.13 | creationdate: 2017-12-31

Kunena template params:

Warning: Spoiler!

DefaultCategoryicon

profileIconset default

DefaultIconset default

editorIconset default

lightboxColor white

bootstrap 0

icomoon 1

tooltips 1

borderless 1

SubjectLengthMessage 80

fullactions 1

quick 0

displayMenu 1

displayDropdownMenu 1

displayDropdownContent 1

displayModule 1

displayBreadcrumb 1

displayAnnouncement 1

displayFooter 1

avatarPosition left

avatarType img-rounded

labels 0

whoisonlineName default

formRecover 0

topicicontype B2

fontawesome 0

socialshare 0

socialsharetag

socialtheme classic

writeaccess 0

localstorage 0

video 1

maps 1

emoticons 1

twitter 1

ebay 1

link 1

picture 1

hide 1

spoiler 1

table 1

code 1

quote 1

divider 1

instagram 1

soundcloud 1

confidential 1

hr 1

listitem 1

supscript 1

subscript 1

numericlist 1

bulletedlist 1

alignright 1

alignleft 1

center 1

underline 1

italic 1

bold 1

strikethrough 1

colors 1

size 1

IconColor inherit

IconColorNew #48a348

avatarSizeX 40

avatarSizeY 90

avatarSizeXThumb 36

avatarSizeYThumb 36

avatarSizeXWelcome 72

avatarSizeYWelcome 72

avatarSizeXList 36

avatarSizeYList 36

avatarSizeXPost 144

avatarSizeYPost 144

avatarSizeXProfile 200

avatarSizeYProfile 200

templatebyText

templatebyName

templatebyLink

Kunena version detailed: Kunena 5.0.13 | 2017-12-31 [ Meerkat ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:

board_offline 0

enablerss 0

threads_per_page 20

messages_per_page 10

messages_per_page_search 15

showhistory 1

historylimit 6

shownew 1

disemoticons 0

template crypsis

showannouncement 1

avataroncat 1

catimagepath category_images/

showchildcaticon 1

rtewidth 425

rteheight 300

enableforumjump 1

reportmsg 1

username 1

askemail 0

showemail 0

showuserstats 1

showkarma 0

useredit 1

useredittime 0

useredittimegrace 600

editmarkup 1

allowsubscriptions 1

subscriptionschecked 0

allowfavorites 1

maxsubject 100

maxsig 300

regonly 0

pubwrite 0

floodprotection 35

mailmod 0

mailadmin -1

captcha 0

mailfull 1

allowavatarupload 0

allowavatargallery 0

avatarquality 65

avatarsize 1024

imageheight 800

imagewidth 800

imagesize 2048

filetypes png,bmp,jpg,jpeg,gif

filesize 4096

showranking 1

rankimages 1

userlist_rows 30

userlist_online 0

userlist_avatar 1

userlist_posts 1

userlist_karma 1

userlist_email 0

userlist_joindate 1

userlist_lastvisitdate 0

userlist_userhits 0

latestcategory 35,26,16,9,36,39,24,29,10,13,14,11,12

showstats 1

showwhoisonline 0

showgenstats 1

showpopuserstats 1

popusercount 10

showpopsubjectstats 1

popsubjectcount 5

showspoilertag 1

showvideotag 1

showebaytag 0

trimlongurls 1

trimlongurlsfront 20

trimlongurlsback 15

autoembedyoutube 1

autoembedebay 0

ebaylanguagecode en-us

sessiontimeout 1800

highlightcode 0

rss_type post

rss_timelimit week

rss_limit 100

rss_included_categories

rss_excluded_categories

rss_specification rss2.0

rss_allow_html 1

rss_author_format name

rss_author_in_title 1

rss_word_count 0

rss_old_titles 0

rss_cache 1800

defaultpage categories

default_sort asc

sef 1

showimgforguest 0

showfileforguest 0

pollnboptions 9

pollallowvoteone 1

pollenabled 1

poppollscount 5

showpoppollstats 1

polltimebtvotes 00:10:00

pollnbvotesbyuser 100

pollresultsuserslist 0

maxpersotext 50

ordering_system mesid

post_dateformat ago

post_dateformat_hover datetime

hide_ip 1

imagetypes jpg,jpeg,gif,png

checkmimetypes 1

imagemimetypes image/jpeg,image/jpg,image/gif,image/png

imagequality 85

thumbheight 64

thumbwidth 64

hideuserprofileinfo put_empty

boxghostmessage 0

userdeletetmessage 1

latestcategory_in 1

topicicons 1

debug 0

catsautosubscribed 0

showbannedreason 0

showthankyou 1

showpopthankyoustats 1

popthankscount 10

mod_see_deleted 1

bbcode_img_secure text

listcat_show_moderators 0

lightbox 1

show_list_time 720

show_session_type 0

show_session_starttime 0

userlist_allowed 1

userlist_count_users 3

enable_threaded_layouts 1

category_subscriptions topic

topic_subscriptions first

pubprofile 1

thankyou_max 10

email_recipient_count 0

email_recipient_privacy bcc

captcha_post_limit 0

image_upload registered

file_upload registered

topic_layout flat

time_to_create_page 0

show_imgfiles_manage_profile 1

hold_newusers_posts 5

hold_guest_posts 0

attachment_limit 8

pickup_category 1

article_display intro

send_emails 1

fallback_english 1

cache 1

cache_time 60

iptracking 1

rss_feedburner_url

autolink 1

access_component 1

statslink_allowed 1

superadmin_userlist 0

legacy_urls 1

attachment_protection 0

categoryicons 1

avatarresizemethod 1

avatarcrop 0

user_report 1

searchtime 365

teaser 0

ebay_language 0

allow_change_subject 1

max_links 6

read_only 0

ratingenabled 0

url_subject_topic 0

log_moderation 0

attach_start 0

attach_end 14

attachment_utf8 1

autoembedsoundcloud 1

emailheader /media/kunena/email/hero-wide.png

user_status 1

plain_email 0

moderator_permdelete 0

recaptcha_publickey

recaptcha_privatekey

recaptcha_theme white

keywords 0

userkeywords 0

userlist_name 0

usernamechange 0

version_check 1

userlist_usertype 0

sefutf8 0

enablepdf 0

jmambot 0

annmodid 62,63,64

changename 0

userlist_username 1

rules_infb 0

help_infb 0

onlineusers 0

| Kunena integration settings:

Warning: Spoiler!

Kunena - Finder Disabled
Kunena - AlphaUserPoints Disabled
Kunena - AltaUserPoints Disabled
Kunena - Community Builder Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1
Kunena - Easyblog Disabled
Kunena - Easyprofile Disabled
Kunena - Easysocial Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=0
Kunena - Kunena Enabled: avatar=0 profile=0
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:

en-GB English (en-GB)

Kunena config settings:
board_offline	0
enablerss	0
threads_per_page	20
messages_per_page	10
messages_per_page_search	15
showhistory	1
historylimit	6
shownew	1
disemoticons	0
template	crypsis
showannouncement	1
avataroncat	1
catimagepath	category_images/
showchildcaticon	1
rtewidth	425
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	1
showkarma	0
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	0
allowfavorites	1
maxsubject	100
maxsig	300
regonly	0
pubwrite	0
floodprotection	35
mailmod	0
mailadmin	-1
captcha	0
mailfull	1
allowavatarupload	0
allowavatargallery	0
avatarquality	65
avatarsize	1024
imageheight	800
imagewidth	800
imagesize	2048
filetypes	png,bmp,jpg,jpeg,gif
filesize	4096
showranking	1
rankimages	1
userlist_rows	30
userlist_online	0
userlist_avatar	1
userlist_posts	1
userlist_karma	1
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	0
userlist_userhits	0
latestcategory	35,26,16,9,36,39,24,29,10,13,14,11,12
showstats	1
showwhoisonline	0
showgenstats	1
showpopuserstats	1
popusercount	10
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	1
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	20
trimlongurlsback	15
autoembedyoutube	1
autoembedebay	0
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	post
rss_timelimit	week
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	0
rss_cache	1800
defaultpage	categories
default_sort	asc
sef	1
showimgforguest	0
showfileforguest	0
pollnboptions	9
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:10:00
pollnbvotesbyuser	100
pollresultsuserslist	0
maxpersotext	50
ordering_system	mesid
post_dateformat	ago
post_dateformat_hover	datetime
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	85
thumbheight	64
thumbwidth	64
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	1
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	1
showpopthankyoustats	1
popthankscount	10
mod_see_deleted	1
bbcode_img_secure	text
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	3
enable_threaded_layouts	1
category_subscriptions	topic
topic_subscriptions	first
pubprofile	1
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	0
show_imgfiles_manage_profile	1
hold_newusers_posts	5
hold_guest_posts	0
attachment_limit	8
pickup_category	1
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	1
statslink_allowed	1
superadmin_userlist	0
legacy_urls	1
attachment_protection	0
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
allow_change_subject	1
max_links	6
read_only	0
ratingenabled	0
url_subject_topic	0
log_moderation	0
attach_start	0
attach_end	14
attachment_utf8	1
autoembedsoundcloud	1
emailheader	/media/kunena/email/hero-wide.png
user_status	1
plain_email	0
moderator_permdelete	0
recaptcha_publickey
recaptcha_privatekey
recaptcha_theme	white
keywords	0
userkeywords	0
userlist_name	0
usernamechange	0
version_check	1
userlist_usertype	0
sefutf8	0
enablepdf	0
jmambot	0
annmodid	62,63,64
changename	0
userlist_username	1
rules_infb	0
help_infb	0
onlineusers	0

Joomla! languages installed:
en-GB	English (en-GB)

Third-party components: CommunityBuilder 2.1.3 | UddeIM 4.0

Third-party SEF components: None

Plugins: Search - Kunena Search 5.0.3 | Content - Kunena Discuss 5.0.3

Modules: Kunena Latest 5.0.3 | Kunena Stats 5.0.3 | Kunena Search 5.0.3

I hope I described this well enough. Let me know if you have questions (or tell me I'm a wacko).

Attachments:

Last edit: 6 years 2 months ago by heyai.

Please Log in or Create an account to join the conversation.

xillibit
Offline
Administrator

6 years 2 months ago #2 by xillibit

Replied by xillibit on topic Information disclosure when reporting posts.

Hello,

This kind of error is throw by Joomla! directly, i'am agree with you this kind shouldn't be shown at every user

I don't provide support by PM, because this can be useful for someone else.

Please Log in or Create an account to join the conversation.

Time to create page: 0.543 seconds