sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard
verified publisher icon sqlmapproject

Unhandled exception (#60d50081)

Open sqlmapreporter opened this issue 3 months ago • 1 comments 

Running version: 1.9.8.8#dev
Python version: 3.12.3
Operating system: Linux-5.15.167.4-microsoft-standard-WSL2-x86_64-with-glibc2.39
Command line: sqlmap.py -u ************************************************************************** -p ‘act’ –tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,ifnull2ifisnull,modsecurityversioned --y
Technique: None
Back-end DBMS: None

Traceback (most recent call last):
  File "sqlmap.py", line 222, in main
    start()
  File "lib/core/decorators.py", line 84, in _
    result = f(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^
  File "lib/controller/controller.py", line 607, in start
    injection = checkSqlInjection(place, parameter, value)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "lib/controller/checks.py", line 542, in checkSqlInjection
    errorResult = Request.queryPage(errorPayload, place, raise404=False)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "lib/core/decorators.py", line 84, in _
    result = f(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^
  File "lib/request/connect.py", line 1652, in queryPage
    return comparison(page, headers, code, getRatioValue, pageLength)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "lib/request/comparison.py", line 46, in comparison
    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "lib/request/comparison.py", line 181, in _comparison
    ratio = round(seqMatcher.quick_ratio() if not kb.heavilyDynamic else seqMatcher.ratio(), 3)
                  ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/difflib.py", line 646, in quick_ratio
    avail[elt] = numb - 1
    ~~~~~^^^^^
TypeError: 'int' object does not support item assignment

sqlmapreporter avatar Sep 30 '25 13:09 sqlmapreporter

Your "command line" says:

Command line: sqlmap.py -u ************************************************************************** \
  -p ‘act’ –tamper="\
apostrophemask,\
apostrophenullencode,\
appendnullbyte,\
base64encode,\
between,\
bluecoat,\
chardoubleencode,\
charencode,\
charunicodeencode,\
concat2concatws,\
equaltolike,\
greatest,\
ifnull2ifisnull,\
modsecurityversioned" --y

But there is no --y option. Did you mean to paste --yuge? I ask in the interest of knowing exactly what the cmdline was.

Update 2: I invoked this command line against http://127.0.0.1:8440 (extra/vulnserver). I did not observe the same exception. I did however get some warnings about wrong order and inapplicability of certain tamper scripts, seeing as this invocation includes them all.

#!/bin/bash

./sqlmap.py -u http://localhost:9999/?id=1 -p 'id' \
  --tamper="\
apostrophemask,\
apostrophenullencode,\
appendnullbyte,\
base64encode,\
between,\
bluecoat,\
chardoubleencode,\
charencode,\
charunicodeencode,\
concat2concatws,\
equaltolike,\
greatest,\
ifnull2ifisnull,\
modsecurityversioned" \
  --y

Edit: Line breaks for long --tamper option w/bash equivalency

Edit: Update 2

mehdymehdywhatwhatt avatar Nov 04 '25 18:11 mehdymehdywhatwhatt