pluck-cms / pluck

Central repo for pluck cms

Home Page: http://www.pluck-cms.org

file-upload vulnerability in data\inc\themeinstall.php

cvebugtest opened this issue · comments

Location: https://github.com/pluck-cms/pluck/blob/master/data/inc/themeinstall.php
Code:
```php
// ......
$dir = 'data/themes'; //Where we will save and extract the file.
$maxfilesize = 1000000; //Max size of file.
$filename = $_FILES['sendfile']['name']; //Determine filename.

//Check if we're dealing with a file with tar.gz or zip in filename.
if (!strpos($filename, '.tar.gz') && !strpos($filename, '.zip'))
	show_error($lang['general']['not_valid_file'], 1);

else {
	//Check if file isn't too big.
	if ($_FILES['sendfile']['size'] > $maxfilesize)
		show_error($lang['theme_install']['too_big'], 1, true);

	else {
		//Save theme-file.
		copy($_FILES['sendfile']['tmp_name'], $dir.'/'.$filename) or die ($lang['general']['upload_failed']);

		if (strpos($filename, '.tar.gz')) {
			//Then load the library for extracting the tar.gz-file.
			require_once ('data/inc/lib/tarlib.class.php');

			//Load the tarfile.
			$tar = new TarLib($dir.'/'.$filename);

			//And extract it.
			$tar->Extract(FULL_ARCHIVE, $dir);

			//After extraction: delete the tar.gz-file.
			unlink($dir.'/'.$filename);
		}

		else { //if not tar.gz then this file must be zip
			//Then load the library for extracting the zip-file.
			require_once ('data/inc/lib/unzip.class.php');

			//Load the zipfile.
			$zip=new UnZIP($dir.'/'.$filename);

			//And extract it.
			$zip->extract();

			//After extraction: delete the zip-file.
			unlink($dir.'/'.$filename);
// ......
```
Parse the .txt file as PHP by placing a .htaccess in the compressed package, and then execute the PHP statement.
Step 1. Upload a zip file
File content:
.htaccess
File content
image
phpinfo.txt
File content
image
Step 2. Request
image
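
A pre-extraction check for the problem reported above, added here as an example; it is not part of the original report or of pluck's code. It covers the zip path only and assumes PHP's `ZipArchive` extension in place of pluck's `UnZIP` class. The function names and the list of blocked file names are hypothetical choices.

```php
<?php
// Added example, not pluck's code; all names here are hypothetical.
// SERVER_CONFIG_FILES: files that change how the web server or PHP treats a directory.
const SERVER_CONFIG_FILES = ['.htaccess', '.htpasswd', '.user.ini', 'web.config'];

// The upload name must END in .zip; strpos() matches the substring anywhere.
function has_zip_suffix(string $filename): bool {
    return strlen($filename) > 4 && strtolower(substr($filename, -4)) === '.zip';
}

// Reasons to refuse the archive before extraction; an empty array means none found.
function theme_zip_problems(string $zipPath): array {
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['not a readable zip archive'];
    }
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = str_replace('\\', '/', (string) $zip->getNameIndex($i));
        $escapes = strpos($name, '/') === 0 || preg_match('/^[A-Za-z]:/', $name)
            || in_array('..', explode('/', $name), true);
        if ($escapes) {
            $problems[] = "path escapes the theme directory: $name";
        }
        if (in_array(strtolower(basename($name)), SERVER_CONFIG_FILES, true)) {
            $problems[] = "server configuration file: $name";
        }
    }
    $zip->close();
    return $problems;
}

// Build a constructed sample archive in the temp directory.
function build_zip(array $entries): string {
    $path = tempnam(sys_get_temp_dir(), 'thm');
    $zip = new ZipArchive();
    $zip->open($path, ZipArchive::CREATE | ZipArchive::OVERWRITE);
    foreach ($entries as $name => $body) {
        $zip->addFromString($name, $body);
    }
    $zip->close();
    return $path;
}

// Constructed inputs: one shaped like the report (placeholder contents), one benign.
$reported = build_zip(['.htaccess' => '# placeholder', 'phpinfo.txt' => 'placeholder']);
$benign = build_zip(['mytheme/style.css' => 'body{}', 'mytheme/info.txt' => 'demo']);
var_dump(has_zip_suffix('theme.zip'), has_zip_suffix('theme.zip.php'));
print_r(['reported' => theme_zip_problems($reported), 'benign' => theme_zip_problems($benign)]);
unlink($reported); unlink($benign);
```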