{"id":13844960,"url":"https://github.com/sqlsec/upload-labs-docker","last_synced_at":"2025-09-21T23:46:22.699Z","repository":{"id":112977973,"uuid":"307289414","full_name":"sqlsec/upload-labs-docker","owner":"sqlsec","description":"Guoguang's file upload lab, customized from upload-labs","archived":false,"fork":false,"pushed_at":"2021-03-25T01:09:03.000Z","size":15320,"stargazers_count":179,"open_issues_count":2,"forks_count":19,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-22T01:38:55.690Z","etag":null,"topics":["ctf","docker"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/sqlsec/ggctf-upload","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sqlsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-10-26T07:15:02.000Z","updated_at":"2025-04-21T05:35:42.000Z","dependencies_parsed_at":"2024-02-21T10:25:19.459Z","dependency_job_id":null,"html_url":"https://github.com/sqlsec/upload-labs-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sqlsec/upload-labs-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sqlsec%2Fupload-labs-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sqlsec%2Fupload-labs-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sqlsec%2Fupload-labs-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sqlsec%2Fupload-labs-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owner
s/sqlsec","download_url":"https://codeload.github.com/sqlsec/upload-labs-docker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sqlsec%2Fupload-labs-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276324411,"owners_count":25622504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-21T02:00:07.055Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","docker"],"created_at":"2024-08-04T17:03:04.248Z","updated_at":"2025-09-21T23:46:22.679Z","avatar_url":"https://github.com/sqlsec.png","language":"PHP","readme":"![](https://img.shields.io/hexpm/l/plug) ![](https://img.shields.io/github/repo-size/sqlsec/upload-labs-docker?color=green) ![](https://img.shields.io/github/stars/sqlsec/upload-labs-docker?color=yellow) \n\n# Introduction\n\nUsing someone else's lab directly never felt quite right, so I decided to write my own file upload lab. My blog had also never had a dedicated summary of file upload techniques, so I took the opportunity to dash off an article as well, killing two birds with one stone. That said, upload-labs already covers file upload fairly comprehensively; unless you are a perfectionist, I recommend working through upload-labs directly. Much of the core code here also reuses upload-labs code directly…\n\n\n\n**Advantages of this project**:\n\n1. One-command Docker deployment is convenient, and the challenges can be flexibly imported into CTFd\n2. The challenges lean toward teaching and focus on guiding players to the solution rather than simply making things hard for them\n3. Comes with a hand-holding writeup (WP), so mom no longer has to worry that you can't solve the challenges\n4. 
Compared with its peers, the front-end interface is not that ugly\n\n# Environment deployment\n\n**DockerHub project page**: https://hub.docker.com/r/sqlsec/ggctf-upload\n\n```bash\n# Enter the project folder\ncd upload-labs-docker\n\n# Deploy and run in one step\ndocker-compose up -d\n```\n\nBy default the 13 levels run on the 13 ports 30001-30013. To customize the ports, edit the docker-compose.yml file yourself.\n\n![](imgs/image-20201026161223134.png)  \n\n\u003e There are 13 Docker containers in total, so the first deployment may take some time. It is a bit of a drawback; just wait patiently.\n\n# Writeup\n\nThe accompanying writeup has been published on Guoguang's blog:\n\n[Guoguang's summary of file upload lab knowledge](https://www.sqlsec.com/2020/10/upload.html) \n\nThere is also a copy in this GitHub repository: [Writeup (click to view)](./WP.md)\n\n# Selected screenshots\n\n![](imgs/16035981315620.png) \n\n![](imgs/16036091167949.png) \n\n![](imgs/160361194314.png) \n\n ![](imgs/16036129575787.png) \n\n...... More details are left for you to explore and discover; they are not listed one by one here.\n\n# References\n\n- [CTFHub](https://www.ctfhub.com/)\n- [Github - c0ny1/upload-labs](https://github.com/c0ny1/upload-labs)\n- [WooYun - The php imagecreatefrom* function family: png](https://wooyun.x10sec.org/static/drops/tips-16034.html)\n- [Smi1e - Upload-labs 20-level walkthrough notes](https://www.smi1e.top/upload-labs-20关通关笔记/)\n- [Xianzhi - Detailed analysis of upload-labs pass 16](https://xz.aliyun.com/t/2657)\n- [Encoding Web Shells in PNG IDAT chunks](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/)\n\n\n\n","funding_links":[],"categories":["PHP"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsqlsec%2Fupload-labs-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsqlsec%2Fupload-labs-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsqlsec%2Fupload-labs-docker/lists"}