Error Cannot Find Config File Phplist
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up phplist not working up vote 0 down vote favorite I have downloaded phplist-2.10.19 and installed on my server. After all configurations settings has been done. It is working fine on main url. Like : http://www.xxxxxxxxx.com/phplist/public_html/lists/ But when i tried to include this fine in another file then it's showing me the following error : "Error, cannot find config file" Following is the code of that file.
that I want to send, The cron loks like it is working but no mail is send. This is the cron : /usr/bin/curl http://discuss.phplist.org/t/phplist-is-not-sending-anymore/285 'http://www.activate.nl/phplist/admin/index.php?page=pageaction&action=processqueue&login=******&password=**********' >/dev/null I have send a testmail and that is working so what can be wrong? This is the cron email that I am getting : % Total % Received % Xferd Average Speed http://www.securityfocus.com/archive//500057 Time Time Time Current Dload Upload Total Spent Left Speed 100 9898 0 9898 0 0 39787 0 --:--:-- --:--:-- --:--:-- 39787100 11942 0 11942 0 0 45804 0 --:--:-- --:--:-- --:--:-- 181k Thanks error cannot and greetings, Erik. danwaterloo 2015-05-31 13:27:26 UTC #2 Hi Erik, What version of phpList are you using?Did you recently make any changes or update? Thanks,Dan Activate 2015-05-31 21:19:01 UTC #3 hello Dan, Thanks for the reply, I haven't changed anything the version is 3.012 Thanks and greetings, Erik. Activate 2015-06-02 10:46:55 UTC #4 Tried to set the scheduling no effect either.... duncanc 2015-06-02 11:48:26 UTC #5 Change error cannot find the cron command so that it captures output, otherwise you have no idea whether anything is going wrong. This might work or you may need to add parameters to the curl command: /usr/bin/curl 'http://www.activate.nl/phplist/admin/index.php?page=pageaction&action=processqueue&login=******&password=**********' >~/cron.log 2>&1 When was the last time that the cron job successfully ran? I might be wrong but I thought that phplist now doesn't support the command syntax that you are using. Activate 2015-06-02 16:03:01 UTC #6 Thanks for the reply, The last time I used it was september last year, I have changed it right now lets see if it works. Thank and greetings, Erik. Activate 2015-06-02 16:17:28 UTC #7 /bin/sh: /var/www/vhosts/activate.nl/cron.log: No such file or directory now I am getting this. Thanks and greetings, Erik. duncanc 2015-06-02 17:12:23 UTC #8 Please show the command that you are now running.Also you may have more success using the recommended cron command or using remote queue processing, see the section of the new phplist manual for how to do that. Activate 2015-06-02 18:40:05 UTC #9 This is the line: /usr/bin/curl 'http://www.activate.nl/phplist/admin/index.php?page=pageaction&action=processqueue&login=*****&password=******' >~/cron.log 2>&1 I will look at the manual. Thanks and greetings, Erik. duncanc 2015-06-02 19:41:25 UTC #10 Activate: /bin/sh: /var/www/vhosts/activate.nl/cron.log: No such file or directory now
Local File inclusion # Vendor: http://www.phplist.com # Bug: Local File Inclusion # Vulnerable Version: 2.10.8 (prior versions also may be affected) # Exploitation: Remote with browser # Fix: N/A # Original Advisory: http://www.bugreport.ir/index_60.htm ################################################################### #################### - Description: #################### Quote From vendor:"phplist is an open-source newsletter manager. phplist is free to download, install and use, and is easy to integrate with any website. phplist is downloaded more than 10 000 times per month and is listed in the top open source projects for vitality score on Freshmeat. phplist is sponsored by tincan." #################### - Vulnerability: #################### +--> Local File Inclusion Because of the vulnerability in "admin/index.php", When "register_globals" is disabled (Default PHP Configuration) It is possible for remote attackers to include arbitrary files from local resources before performing authentication. Code Snippet: /lists/admin.php #line:10-18 if (!ini_get("register_globals") || ini_get("register_globals") == "off") { # fix register globals, for now, should be phased out gradually # sure, this gets around the entire reason that regLANGUAGE_SWITCHister globals # should be off, but going through three years of code takes a long time.... foreach ($_REQUEST as $key => $val) { $$key = $val; } } /lists/admin.php #line:41-56 if (isset($_SERVER["ConfigFile"]) && is_file($_SERVER["ConfigFile"])) { print ''."\n"; include $_SERVER["ConfigFile"]; } elseif (isset($cline["c"]) && is_file($cline["c"])) { print ''."\n"; include $cline["c"]; } elseif (isset($_ENV["CONFIG"]) && is_file($_ENV["CONFIG"])) { # print ''."\n"; include $_ENV["CONFIG"]; } elseif (is_file("../config/config.php")) { print ''."\n"; include "../config/config.php"; } else { print "Error, cannot find config file\n"; exit; } #################### - POC: #################### http://www.example.com/lists/admin/index.php?_SE