Question Full path disclosure downloading attachments

Hi there,

After installing 4.0.3 version, when I download an attached file I get the full path in the filename. I don't upload an screenshot for security reasons, but instead filename.pdf I get home_xxxx_media_kunena_attachments_filename.pdf

I have tried enabling and disabling Protect attachments option under Configuration --> Uploads, but nothing happens...

Regards,
Jose

This same issue is also discussed in the topic [K4.0.1] Attachment displaying full URL location .

This problem has not been solved.

Thanks sozzled.

To avoid it I have manually changed attachment filenames in database. This workaround avoid the full path disclosure while the issue is not corrected.

Regards,
Jose

Hello,

Can-you post here please your Kunena report configuration ?

Here you have (omited confidential info):

Kunena menu details: [/quote]

Joomla default template details : gk_startup | author: GavickPro | version: 3.9 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 4.0.3 | creationdate: 2015-06-29

Kunena version detailed: Kunena 4.0.3 | 2015-06-29 [ Possagno ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	1
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	1
historylimit	6
shownew	1
disemoticons	0
template	blue_eagle
showannouncement	1
avataroncat	0
catimagepath	category_images/
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	1
showkarma	1
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	1
allowfavorites	1
maxsubject	50
maxsig	300
regonly	0
pubwrite	0
floodprotection	0
mailmod	1
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	1
allowavatargallery	1
avatarquality	65
avatarsize	60000
imageheight	800
imagewidth	800
imagesize	300
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2
filesize	6000
showranking	1
rankimages	1
userlist_rows	30
userlist_online	1
userlist_avatar	1
userlist_posts	1
userlist_karma	1
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	1
userlist_userhits	1
latestcategory
showstats	1
showwhoisonline	1
showgenstats	1
showpopuserstats	1
popusercount	5
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	1
showvideotag	1
showebaytag	1
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	asc
sef	1
showimgforguest	1
showfileforguest	1
pollnboptions	4
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	ago
post_dateformat_hover	datetime
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	1
showpopthankyoustats	1
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	1
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
keywords	0
userkeywords	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	1
statslink_allowed	1
superadmin_userlist	0
legacy_urls	1
attachment_protection	1
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
twitter_consumer_key
twitter_consumer_secret
max_links	6
userlist_name	0
usernamechange	0
version_check	1
userlist_usertype	0
sefutf8	0
enablepdf	1
jmambot	0
annmodid	62
changename	0
userlist_username	1
rules_infb	1
help_infb	1
onlineusers	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Enabled: activity=1 avatar=1 profile=1 activity_points_limit=0
Kunena - Community Builder Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1 activity_points_limit=0 activity_stream_limit=0
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
en-GB	English (en-GB)

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None

I have a similar problem :dry:

Since i have updated from 3.0.6 to 4.0.3, some Attachments have a wrong Path like this:

http://media/kunena/attachments/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf

No correkt URL and double documentname :S

Is there a solution to fix this?

Thanks from Switzerland
Corinne

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Disabled | FTP layer: Disabled |

This message contains confidential information

htaccess: Missing | PHP environment: Max execution time: 30 seconds | Max execution memory: 64M | Max file upload: 32M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path	In trash
123	Forum	mainmenu	Itemid=114	kunena-2014-09-29	No
114	Forum	kunenamenu	view=home&defaultmenu=116	forum	No
115	Index	kunenamenu	view=category&layout=list	forum/index	No
116	Aktuell	kunenamenu	view=topics&mode=replies	forum/aktuell	No
117	Neues Thema	kunenamenu	view=topic&layout=create&catid=	forum/neuesthema	No
118	Ohne Antwort	kunenamenu	view=topics&mode=noreplies	forum/ohneantwort	No
119	Meine Themen	kunenamenu	view=topics&layout=user&mode=default&modetype=	forum/meinethemen	No
120	Profil	kunenamenu	view=user	forum/profil	No
121	Hilfe	kunenamenu	view=misc	forum/hilfe	No
122	Suche	kunenamenu	view=search	forum/suche	No

Joomla default template details : Standard_1_optimalis | author: Beatrice Brupbacher | version: 1.0 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 4.0.3 | creationdate: 2015-06-29

Kunena version detailed: Kunena 4.0.3 | 2015-06-29 [ Possagno ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	0
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	0
historylimit	6
shownew	1
disemoticons	1
template	blue_eagle
showannouncement	1
avataroncat	0
catimagepath	category_images
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	0
showkarma	0
useredit	0
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	1
allowfavorites	1
maxsubject	50
maxsig	300
regonly	1
pubwrite	0
floodprotection	0
mailmod	0
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	0
allowavatargallery	0
avatarquality	75
avatarsize	2048
imageheight	800
imagewidth	800
imagesize	150
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2,doc,docx,xls,xlsx
filesize	64000000
showranking	0
rankimages	0
userlist_rows	30
userlist_online	0
userlist_avatar	0
userlist_posts	0
userlist_karma	0
userlist_email	0
userlist_joindate	0
userlist_lastvisitdate	0
userlist_userhits	0
latestcategory
showstats	0
showwhoisonline	0
showgenstats	0
showpopuserstats	0
popusercount	0
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	0
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	desc
sef	1
showimgforguest	0
showfileforguest	0
pollnboptions	4
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	datetime
post_dateformat_hover	datetime
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	0
showpopthankyoustats	0
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
keywords	0
userkeywords	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	0
statslink_allowed	0
superadmin_userlist	0
legacy_urls	1
attachment_protection	0
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
twitter_consumer_key
twitter_consumer_secret
max_links	6
userlist_name	0
usernamechange	0
version_check	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Disabled

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
de-DE	German (DE-CH-AT)
en-GB	English (United Kingdom)

Third-party components: None

Third-party SEF components: None

Plugins: Search - Kunena Search 3.1.0

Modules: Kunena Search 3.1.0

Hi Corinne,

It seems this only happens when you edit forum entries.

This is my workaround; it's a bit technical:

1. Make a backup. We have to modify some database fields, so the entire site could break.
2. Using phpmyadmin (or similar) go to kunena_attachments table.
3. Search something relevant of your path (for example, media) in the filename_real field:



4. Results are the attachments with full path. Just edit each one deleting the full path and keeping the file name.
For example, in your case you should have an entry with media/kunena/attachments/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf and after editing you should have only Dienstleistungskatalog_eines_Versicherungsbrokers.pdf

Obviously, you have to do this every time you edit a forum entry while a patch is provided.

If you don't know how to do it, I can give you a hand. Just use the contact form of my website and I will help you.

Regards,
Jose

Hello Jose

Thanks for your solution, but is not exactly like this.

I made to printscreens from a wrong and a correct entry.

The "folder" entry is not correct...

OLD: /media/kunena/attachments/documentname.pdf




Correct: media/kunena/attachments




Maybe i can make a database replace from all entries with ".pdf" to /media/kunena/attachments

i will try this :silly:

Thank you for your help
Corinne

You're welcome Corinne!

In my case, the full path disclosure is located only in the filename_real field...

To be fully sure there is no path disclosure we should replace all downloadable file types, not only .pdf. More work to do! :silly:

Regards,
Jose

I have some path there are correct... so i need only the .pdf's

If somebody else have the same problem here my Script

UPDATE `xxx_kunena_attachments` SET `folder` = "media/kunena/attachments" WHERE `folder` LIKE "%.pdf"

Now everything works okay

Have a nice Day
Corinne