I've made a whatsbetter.com style web page.

Lobsang, I recommend you disable this immediately.

I loaded a file called putty.exe just to see what would happen. putty.exe is not malicious by the way.

Your script said this:
only accepts files who’s extensions are .jpg, .jpeg, or, .gif

However, http://notails.com/images/ has that file in its directory listing.

You are opening your webserver to all sorts of malicious, nasty possibilities.

I seriously recommend you take it down and cleanse that directory immediately. Then you really need to rewrite your code to NOT allow files as I recommended in your other thread by checking the MIME type of the file and not just the extension.

Then if you don’t want the file because it’s not the right MIME type, UNLINK it (or better yet, don’t even move it), not just send back a message saying it’s unacceptable but allow it in the file system.
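The check recommended above, as an added example that is not part of the original post or the site's own script. It assumes the uploader is written in PHP; the form field name `image`, the `uploads` directory and the function name are hypothetical.

```php
<?php
declare(strict_types=1);

// Allow-list: detected MIME type => extension the server will assign.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Hypothetical helper: validates one $_FILES entry and stores it only if accepted.
function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only handle files PHP itself received through an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Detect the type from the file's content. The client-supplied file name
    // and $file['type'] are attacker-controlled and are never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        // Rejected files are never moved into the web root; PHP removes the
        // temporary upload when the request ends, so nothing is left to unlink.
        throw new RuntimeException('Only JPEG and GIF images are accepted');
    }
    // The server picks the stored name and extension, so an uploaded
    // "putty.exe" can never keep its original name on disk.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['image'])) {
    try {
        $stored = store_uploaded_image($_FILES['image'], __DIR__ . '/uploads');
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```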

Thanks for letting me know. I did see that file and have now removed it. I can’t make this long as I’m typing from an iPod. I also disabled the uploader. Please see my most recent post in GQ. Thanks again for letting me know it was you :)