While harder to detect, there are still some instances of websites exploitable via partially blind SQL injection. For the purposes of this blog we’re going to call the website AngryGrrl’s Sock Puppets. It sells a variety of sock puppets of different media types. There is even an extensive catalog. Who knew?
On the main page of the website, the search function of the database was not properly set up. By typing in ' union select master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins;-- and hitting the submit button, the following page popped up on the webpage.
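The flaw in a search function like this one comes down to how the search term reaches the query. The sketch below is an added example, not code from the site or from this post: it puts a concatenated search beside a parameter-bound one and feeds both the input quoted above. It assumes an in-memory SQLite table as a stand-in for the site's SQL Server back end, and the table, rows and function names are all constructed for illustration.

```python
import sqlite3

# The search term quoted on the page, copied verbatim.
PAGE_INPUT = ("' union select master.sys.fn_varbintohexstr(password_hash) "
              "from master.sys.sql_logins;--")

def make_catalog():
    """Constructed sample catalog; SQLite stands in for the site's SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE catalog (name TEXT)")
    conn.executemany("INSERT INTO catalog VALUES (?)",
                     [("felt sock puppet",), ("wool sock puppet",)])
    return conn

def search_concat(conn, term):
    """Flawed search: the term is pasted into the SQL text itself."""
    sql = "SELECT name FROM catalog WHERE name LIKE '%" + term + "%'"
    return [r[0] for r in conn.execute(sql)]

def search_bound(conn, term):
    """Corrected search: the term is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM catalog WHERE name LIKE '%' || ? || '%'"
    return [r[0] for r in conn.execute(sql, (term,))]

def input_parsed_as_sql(conn, term):
    """True when the concatenated form behaves differently from the bound form."""
    try:
        return search_concat(conn, term) != search_bound(conn, term)
    except sqlite3.Error:
        # A parser or schema error means the input reached the SQL parser.
        return True

if __name__ == "__main__":
    conn = make_catalog()
    for term in ("felt", PAGE_INPUT):
        print(repr(term[:20]), input_parsed_as_sql(conn, term),
              search_bound(conn, term))
```

In the SQLite stand-in the concatenated query fails to parse because the SQL Server objects do not exist there; the point is that the input reached the parser at all, while the bound query treats the same text as an ordinary search term that matches nothing.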