Another fix for wrong number of params

2025-12-29 10:59:03 +00:00 · 2025-10-17 20:18:48 +02:00
parent bce338bdff
commit 9a41707ec7
4 changed files with 15 additions and 15 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2204,19 +2204,19 @@ def safeStringFormat(format_, params):
            while True:
                match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
                if match:
-                    if count >= len(params):
-                        warnMsg = "wrong number of parameters during string formatting. "
-                        warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
-                        raise SqlmapValueException(warnMsg)
-                    else:
-                        try:
-                            retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)
-                        except re.error:
-                            retVal = retVal.replace(match.group(0), match.group(0) % params[count], 1)
-                        count += 1
+                    try:
+                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count % len(params)], retVal, 1)
+                    except re.error:
+                        retVal = retVal.replace(match.group(0), match.group(0) % params[count % len(params)], 1)
+                    count += 1
                else:
                    break

+            if count > len(params) and count % len(params):
+                warnMsg = "wrong number of parameters during string formatting. "
+                warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
+                raise SqlmapValueException(warnMsg)
+
    retVal = getText(retVal).replace(PARAMETER_PERCENTAGE_MARKER, '%')

    return retVal
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.10.1"
+VERSION = "1.9.10.2"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -222,7 +222,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
                forgedPayload = agent.extractPayload(payload) or ""
                forgedPayload = forgedPayload.replace(markingValue, unescapedCharValue)
-                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue))
+                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx))
                result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False)
                incrementCounter(getTechnique())