There is a MySQL exploit that can be used to 'mask' the union attack. MySQL and a few other RDBMSs allow a comment /* */ to be placed in the query as a hint to MySQL to override its determined course. This is being exploited by some kiddies out there. Read about the modification to the mainfile.php code that I'm testing; I welcome your tests too.
UPDATE 4/28/2004: The hackalert download file now includes this fix. There is no need to redownload if you have already applied the fix in the post mentioned above. Thanks to those who tested this!
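
The check below is an added example, not the hackalert or mainfile.php code: it normalizes a request's query string so that `/* */` comments cannot hide a union from a keyword filter. The function names and the sample query strings are constructed for illustration, and reading the input from `$_SERVER['QUERY_STRING']` is an assumption.

```php
<?php
// Added example; not the hackalert or mainfile.php code. Names are hypothetical.

// Reduce a raw query string to the form a keyword check should inspect.
function normalize_query_string(string $raw): string
{
    $s = $raw;
    // Bounded loop: undo repeated URL-encoding, then neutralize comment markers.
    for ($i = 0; $i < 5; $i++) {
        $next = urldecode($s);
        // Replace only the delimiters (/*, /*!NNNNN, */) with a space and keep
        // the body, because MySQL executes the body of a /*! ... */ comment.
        $next = preg_replace('~/\*(?:!\d*)?|\*/~', ' ', $next);
        if ($next === $s) {
            break;
        }
        $s = $next;
    }
    // Collapse whitespace and lowercase so the keyword match is uniform.
    return strtolower(trim(preg_replace('/\s+/', ' ', $s)));
}

// True when "union" is followed by "select" after normalization.
// Deliberately conservative: ordinary text containing both words also matches.
function looks_like_union_injection(string $raw): bool
{
    return preg_match('/\bunion\b.*\bselect\b/', normalize_query_string($raw)) === 1;
}

// Constructed query strings, standing in for $_SERVER['QUERY_STRING'].
$samples = [
    'name=News&file=article&sid=12',             // ordinary request
    'name=News&sid=12%20union%20select%201',     // plain union
    'name=News&sid=12%20UNION/**/SELECT%201',    // union masked with a comment
    'name=Search&query=student+union+select+committee', // benign text that still matches
];

foreach ($samples as $qs) {
    printf("%-7s %s\n", looks_like_union_injection($qs) ? 'BLOCK' : 'allow', $qs);
}
```

A filter like this is a stopgap in front of the application; it does not replace escaping or parameterizing the values that reach the SQL query.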