Fixes rapid7#4083, make the split nil-safe

In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.

Author: Tod Beardsley

modules/auxiliary/scanner/http/owa_login.rb

@@ -213,11 +213,15 @@ def try_user_pass(opts)
         return :Skip_pass
       end
     else
-       # these two lines are the authentication info
+       # The authentication info is in the cookies on this response
       cookies = res.get_cookies
-      sessionid = 'sessionid=' << cookies.split('sessionid=')[1].split('; ')[0]
-      cadata = 'cadata=' << cookies.split('cadata=')[1].split('; ')[0]
-      headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata
+      sessionid_value = cookies.split('sessionid=')[1]
+      sessionid_value = sessionid_value.to_s.split('; ')[0]
+      sessionid_header = "sessionid=#{sessionid_value}"
+      cadata_value = cookies.split('cadata=')[1]
+      cadata_value = cadata_value.to_s.split('; ')[0]
+      cadata_header = "cadata=#{cadata_value}"
+      headers['Cookie'] = 'PBack=0; ' << sessionid_header << '; ' << cadata_header
     end
 
     begin