filename="logo2.php%00.png”
%00 > terminate all things after this
A "magic" file in the context of web security, is a file that helps the server recognize the file type of an uploaded file.
Most operating systems and many programs use the first few bytes of a file, known as the "magic number", to determine its type. For example, JPEG files start with the byte sequence FF D8 FF, PNG files with 89 50 4E 47, and so on.
A server that is incorrectly configured may only check the file extension, rather than the file's magic number, to determine its type. In this case, an attacker could upload a malicious script with an innocuous file extension like .jpg. The server, seeing the .jpg extension, would treat it as an image file and allow the upload, potentially leading to a security vulnerability.
using alternative extension
.php3, .php4, .php5, .php7, .php8
.phtml
.inc