[C

[SQLmapTester]

[CRITICAL] wrong number of parameters during string formatting

Place: (custom) POST
Parameter: #1*
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)

Payload: login=' AND 3394=BENCHMARK(10000000,MD5(0x7a4c5a52)) AND 'Swfw'='Swfw'&submit=%ce%f2%ef%f0%e0%e2%e8%f2%fc

[18:04:12] [WARNING] changes made by tampering scripts are not included in shown
payload content(s)
[18:04:12] [INFO] testing MySQL
[18:04:12] [INFO] confirming MySQL
[18:04:13] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 4.4.7
back-end DBMS: MySQL < 5.0.0
[18:04:13] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell> select user();
[18:04:20] [INFO] fetching SQL SELECT statement query output: 'select user()'
[18:04:20] [WARNING] multi-threading is considered unsafe in time-based data ret
rieval. Going to switch it off automatically
[18:04:20] [CRITICAL] wrong number of parameters during string formatting

[*] shutting down at 18:04:21

[stamparm]

Have you changed anything in source code (e.g. xml/payloads.xml)? Do you get anything with git diff?

[stamparm]

It would be great if you could add this to the sqlmap.py (line 104-107):

    except SqlmapBaseException, ex:
        errMsg = getUnicode(ex.message)
        logger.critical(errMsg)
        errMsg = unhandledExceptionMessage()
        logger.critical(errMsg)
        kb.stickyLevel = logging.CRITICAL
        dataToStdout(setColor(traceback.format_exc()))
        sys.exit(1)

and report back the new error message you get

[stamparm]

Can you please copy/paste the whole request file you've used (2.txt)? I really can't reproduce this one.

Have you used that piece of code that I've told you to (inside sqlmap.py)?