modules/audit/response_splitting.rb in arachni-0.4.1.3 vs modules/audit/response_splitting.rb in arachni-0.4.2


@@ -1,7 +1,7 @@
 =begin
-    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at
 
@@ -29,29 +29,31 @@
 # @see http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
 #
 class Arachni::Modules::ResponseSplitting < Arachni::Module::Base
 
     def run
+        header_name = "X-CRLF-Safe-#{seed}"
+
         # the header to inject...
         # what we will check for in the response header
         # is the existence of the "x-crlf-safe" field.
-        # if we find it it means that the attack was succesfull
+        # if we find it it means that the attack was successful
         # thus site is vulnerable.
-        header = "\r\nX-CRLF-Safe: no"
+        header = "\r\n#{header_name}: no"
 
         # try to inject the headers into all vectors
         # and pass a block that will check for a positive result
         audit( header, param_flip: true, follow_location: false ) do |res, opts|
-            next if !res.headers_hash['X-CRLF-Safe'] || res.headers_hash['X-CRLF-Safe'].empty?
+            next if res.headers_hash[header_name].to_s.downcase != 'no'
 
             opts[:injected] = uri_encode( opts[:injected] )
             log( opts, res )
         end
     end
 
     def self.info
         {
-            name: 'ResponseSplitting',
+            name: 'Response Splitting',
             description: %q{Tries to inject some data into the webapp and figure out if any of them end up in the response header.},
             elements: [ Element::FORM, Element::LINK, Element::COOKIE, Element::HEADER ],
             author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
             version: '0.1.7',
@@ -60,10 +62,10 @@
                 'OWASP' => 'http://www.owasp.org/index.php/HTTP_Response_Splitting'
             },
             targets: %w(Generic),
             issue: {
-                name: %q{Response splitting},
+                name: %q{Response Splitting},
                 description: %q{The web application includes user input in the response HTTP header.},
                 tags: %w(response splitting injection header),
                 cwe: '20',
                 severity: Severity::MEDIUM,
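Review bot: The comment block kept above `header =` in the second hunk still describes the old detection ("the existence of the "x-crlf-safe" field"), while the new code looks up the seed-suffixed `header_name` and additionally requires its value to be `no`, so the comment now misleads a reader about what counts as a positive. I would replace those five comment lines with `# Inject a header whose name carries the scan seed; a response is only a positive when that exact header comes back with the value "no", which rules out sites that happen to emit a fixed X-CRLF-Safe header.` The `.to_s.downcase != 'no'` comparison presumably assumes `headers_hash` yields a String for the header; if a repeated header is ever returned as an Array, `.to_s` would not equal `no` and the finding would be missed, which is worth confirming against the HTTP client in use. Note also that `version: '0.1.7'` in `self.info` is unchanged although the detection logic changed in this commit.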