The screenshot in the article shows MD5() is returned as part of the error message from the web server, so it is probably also a part of the original server-side query.