🧙Magic

https://app.hackthebox.com/machines/Magic

So we got a web page with a login page that is easily bypassed by a SQLI:

Login BypassHackTricks

We then try to upload PHP reverse shell:

But we get this pop up:

And when I try to upload JPG on PNG file, i have this one ?