> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# File Upload Vulnerabilities

> Recursos cross-platform para File Upload Vulnerabilities: máquinas HTB, labs PortSwigger y rooms TryHackMe curados, con writeups validados y skills relacionadas.

# File Upload Vulnerabilities

Esta página agrega los **recursos para practicar File Upload Vulnerabilities** de forma cross-platform: máquinas retiradas de Hack The Box, labs de PortSwigger Web Security Academy y rooms de TryHackMe, más recursos curados (HackTricks, PortSwigger, etc.) y skills relacionadas.

## Recursos curados

| Fuente      | Enlace                                                                                               |
| ----------- | ---------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/file-upload](https://portswigger.net/web-security/file-upload) |

## Máquinas HTB que practican File Upload Vulnerabilities (16)

| Máquina                                              | SO      | Dificultad                                           |
| ---------------------------------------------------- | ------- | ---------------------------------------------------- |
| [Bank](/htb/machines/linux/facil/bank)               | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Beep](/htb/machines/linux/facil/beep)               | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Blunder](/htb/machines/linux/facil/blunder)         | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Bounty](/htb/machines/windows/facil/bounty)         | Windows | <span className="dbadge dbadge-easy">EASY</span>     |
| [Conceal](/htb/machines/windows/dificil/conceal)     | Windows | <span className="dbadge dbadge-hard">HARD</span>     |
| [Falafel](/htb/machines/linux/dificil/falafel)       | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Late](/htb/machines/linux/facil/late)               | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Meta](/htb/machines/linux/medio/meta)               | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Nibbles](/htb/machines/linux/facil/nibbles)         | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [OpenSource](/htb/machines/linux/facil/opensource)   | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [OverGraph](/htb/machines/linux/dificil/overgraph)   | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Phoenix](/htb/machines/linux/dificil/phoenix)       | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Silo](/htb/machines/windows/medio/silo)             | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Talkative](/htb/machines/linux/dificil/talkative)   | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [TheNotebook](/htb/machines/linux/medio/thenotebook) | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Timing](/htb/machines/linux/medio/timing)           | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |

## Labs PortSwigger que practican File Upload Vulnerabilities (8)

| Lab                                                                                                                                                    | Dificultad                                                 | Topic                       | Oficial                                                                                                                        |
| ------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| [Remote code execution via web shell upload](/portswigger/labs/file-upload/file-upload-remote-code-execution-via-web-shell-upload)                     | <span className="dbadge dbadge-easy">APPRENTICE</span>     | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload)           |
| [Web shell upload via Content-Type restriction bypass](/portswigger/labs/file-upload/file-upload-web-shell-upload-via-content-type-restriction-bypass) | <span className="dbadge dbadge-easy">APPRENTICE</span>     | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-content-type-restriction-bypass) |
| [Web shell upload via race condition](/portswigger/labs/file-upload/file-upload-web-shell-upload-via-race-condition)                                   | <span className="dbadge dbadge-easy">APPRENTICE</span>     | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-race-condition)                  |
| [Exploiting XXE via image file upload](/portswigger/labs/xxe/xxe-via-file-upload)                                                                      | <span className="dbadge dbadge-medium">PRACTITIONER</span> | XXE (XML External Entity)   | [Abrir](https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload)                                                      |
| [Remote code execution via polyglot web shell upload](/portswigger/labs/file-upload/file-upload-remote-code-execution-via-polyglot-web-shell-upload)   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-polyglot-web-shell-upload)  |
| [Web shell upload via extension blacklist bypass](/portswigger/labs/file-upload/file-upload-web-shell-upload-via-extension-blacklist-bypass)           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-extension-blacklist-bypass)      |
| [Web shell upload via obfuscated file extension](/portswigger/labs/file-upload/file-upload-web-shell-upload-via-obfuscated-file-extension)             | <span className="dbadge dbadge-medium">PRACTITIONER</span> | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-obfuscated-file-extension)       |
| [Web shell upload via path traversal](/portswigger/labs/file-upload/file-upload-web-shell-upload-via-path-traversal)                                   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | File Upload Vulnerabilities | [Abrir](https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-path-traversal)                  |

## Rooms TryHackMe que practican File Upload Vulnerabilities (4)

| Room                                                             | Dificultad                                       | Tipo        | Acceso  | Oficial                                                |
| ---------------------------------------------------------------- | ------------------------------------------------ | ----------- | ------- | ------------------------------------------------------ |
| [25 Days of Cyber Security](/tryhackme/rooms/learncyberin25days) | <span className="dbadge dbadge-easy">EASY</span> | Walkthrough | 🟢 Free | [Abrir](https://tryhackme.com/room/learncyberin25days) |
| [Advent of Cyber 2 \[2020\]](/tryhackme/rooms/adventofcyber2)    | <span className="dbadge dbadge-easy">EASY</span> | Walkthrough | 🟢 Free | [Abrir](https://tryhackme.com/room/adventofcyber2)     |
| [Advent of Cyber 2022](/tryhackme/rooms/adventofcyber4)          | <span className="dbadge dbadge-easy">EASY</span> | Walkthrough | 🟢 Free | [Abrir](https://tryhackme.com/room/adventofcyber4)     |
| [envizon](/tryhackme/rooms/envizon)                              | <span className="dbadge dbadge-easy">HARD</span> | Challenge   | 🟢 Free | [Abrir](https://tryhackme.com/room/envizon)            |

## Skills relacionadas

* [/skills/rce](/skills/rce)

***

← [Volver al glosario completo](/glosario)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"File Upload Vulnerabilities","termCode":"file-upload","inLanguage":"es","url":"https://rootea.es/skills/file-upload","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Glosario táctico de pentesting","url":"https://rootea.es/glosario"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"Máquinas HTB que practican File Upload Vulnerabilities","numberOfItems":16,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/htb/machines/linux/facil/bank","name":"Bank"},{"@type":"ListItem","position":2,"url":"https://rootea.es/htb/machines/linux/facil/beep","name":"Beep"},{"@type":"ListItem","position":3,"url":"https://rootea.es/htb/machines/linux/facil/blunder","name":"Blunder"},{"@type":"ListItem","position":4,"url":"https://rootea.es/htb/machines/windows/facil/bounty","name":"Bounty"},{"@type":"ListItem","position":5,"url":"https://rootea.es/htb/machines/windows/dificil/conceal","name":"Conceal"},{"@type":"ListItem","position":6,"url":"https://rootea.es/htb/machines/linux/dificil/falafel","name":"Falafel"},{"@type":"ListItem","position":7,"url":"https://rootea.es/htb/machines/linux/facil/late","name":"Late"},{"@type":"ListItem","position":8,"url":"https://rootea.es/htb/machines/linux/medio/meta","name":"Meta"},{"@type":"ListItem","position":9,"url":"https://rootea.es/htb/machines/linux/facil/nibbles","name":"Nibbles"},{"@type":"ListItem","position":10,"url":"https://rootea.es/htb/machines/linux/facil/opensource","name":"OpenSource"},{"@type":"ListItem","position":11,"url":"https://rootea.es/htb/machines/linux/dificil/overgraph","name":"OverGraph"},{"@type":"ListItem","position":12,"url":"https://rootea.es/htb/machines/linux/dificil/phoenix","name":"Phoenix"},{"@type":"ListItem","position":13,"url":"https://rootea.es/htb/machines/windows/medio/silo","name":"Silo"},{"@type":"ListItem","position":14,"url":"https://rootea.es/htb/machines/linux/dificil/talkative","name":"Talkative"},{"@type":"ListItem","position":15,"url":"https://rootea.es/htb/machines/linux/medio/thenotebook","name":"TheNotebook"},{"@type":"ListItem","position":16,"url":"https://rootea.es/htb/machines/linux/medio/timing","name":"Timing"}]}`}
</script>

*Última actualización: 2026-06-07*
