Tags: sqli 

Rating: 5.0

See my blog.

Original writeup (https://delcoding.github.io/2018/03/n1ctf-writeup/).
terjanq, March 12, 2018, 2:43 p.m.

Very nice idea! In connection with my payload which was `@order@ > CONV(HEX( substr( pw , @offset@ , 1 ) ), 16, 10)` and the offset was created as an arithmetic equation using digits from `{0,1,6,7,8}` we can get `O(1)` for each letter, just by doing `flag=0&hi= | CONV(HEX( substr( pw , @offset@ , 1 ) ), 16, 10)`!