From 4e0e64d06bbd7c66506c2d2bfeb854c8a546fb4f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 31 Oct 2014 20:28:37 +0100 Subject: [PATCH] Bug fix for DNS Exfiltration in PgSQL case ('invalid URI') --- lib/core/agent.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 2d6146c3b..9a33194bb 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -993,7 +993,7 @@ class Agent(object): """ _ = re.escape(PAYLOAD_DELIMITER) - return re.sub("(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value + return re.sub("(?s)(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value def runAsDBMSUser(self, query): if conf.dbmsCred and "Ad Hoc Distributed Queries" not in query: