From d8a76ebe34e62374e922660d4765232a4dfaa89d Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 11 Mar 2011 16:03:19 +0000
Subject: [PATCH] Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
---
 lib/techniques/error/use.py | 3 +--
 lib/techniques/inband/union/use.py | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 26211c4f0..5547abe2a 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -227,8 +227,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 stopLimit = conf.limitStop
 # Count the number of SQL query entries output
- countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
- countedExpression = expression.replace(expressionFields, countFirstField, 1)
+ countedExpression = expression.replace(expressionFields, "COUNT(*)", 1)
 if re.search(" ORDER BY ", expression, re.I):
 untilOrderChar = countedExpression.index(" ORDER BY ")
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index 7bf80505d..68817e5b4 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -198,8 +198,7 @@ def unionUse(expression, unpack=True, dump=False):
 stopLimit = conf.limitStop
 # Count the number of SQL query entries output
- countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
- countedExpression = expression.replace(expressionFields, countFirstField, 1)
+ countedExpression = expression.replace(expressionFields, "COUNT(*)", 1)
 if re.search(" ORDER BY ", expression, re.I):
 untilOrderChar = countedExpression.index(" ORDER BY ")
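Review bot: In the errorUse hunk, the two lines after the changed one test for `" ORDER BY "` case-insensitively with `re.I`, but then call `countedExpression.index(" ORDER BY ")`, which is case-sensitive. Unless the expression is upper-cased before this point, which the hunk does not show, a lower-case `order by` passes the search and then raises ValueError. Reusing the match position avoids this, e.g. `untilOrderChar = re.search(" ORDER BY ", countedExpression, re.I).start()`. The unionUse hunk has the identical pair of lines and needs the same change. Separately, the hard-coded `"COUNT(*)"` no longer goes through the per-DBMS `queries[...].count.query` template, so a short comment such as `# COUNT(*) counts rows regardless of NULLs in the first field` would record why. Both function bodies continue outside their hunks.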