Community discussions

 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Anyone can check the login webpage hotspot from attack codes!

Wed Aug 28, 2019 10:44 am

Hello everyone,
I have free login webpage for hotspot "template",
What is the correct way to find out if it is harmful or the presence of codes may cause harm to users or may be harmful may cause hacking of users' devices, I searched for a design ready for Hotspot page, but I do not know if the page is fake? I will list the codes below in order to make sure by knowing whether the page is safe or not, taking into account the scrutiny through the codes and I trust you!

1- login.html
<!DOCTYPE html>
<html lang="en-US">
   <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0" />
      <title>NET</title>
      <link rel="stylesheet" href="css/components.css">
      <link rel="stylesheet" href="css/icons.css">
      <link rel="stylesheet" href="css/responsee.css">
      <link rel="stylesheet" href="owl-carousel/owl.carousel.css">
      <link rel="stylesheet" href="owl-carousel/owl.theme.css">
      <!-- CUSTOM STYLE -->
      <link rel="stylesheet" href="css/template-style.css">
      <script type="text/javascript" src="js/jquery-1.8.3.min.js"></script>
      <script type="text/javascript" src="js/jquery-ui.min.js"></script>    
   </head>
   <body class="size-1140">
$(if chap-id)
	<form name="sendin" action="$(link-login-only)" method="post">
		<input type="hidden" name="username" />
		<input type="hidden" name="password" />
		<input type="hidden" name="dst" value="$(link-orig)" />
		<input type="hidden" name="popup" value="true" />
	</form>
	
	<script type="text/javascript" src="/md5.js"></script>
	<script type="text/javascript">
	<!--
	    function doLogin() {
		document.sendin.username.value = document.login.username.value;
		document.sendin.password.value = hexMD5('$(chap-id)' + document.login.password.value + '$(chap-challenge)');
		document.sendin.submit();
		return false;
	    }
	//-->
	</script>
$(endif)
      <!-- TOP NAV WITH LOGO -->
      <header>
         <nav>
            <div class="line">
               <div class="s-11 m-7 l-5 center" style="padding:4%">
                  <img src="images/logo.png">
               </div>
           </div>
         </nav>
      </header>
      <section>
         <div id="first-block">
            <div class="line">
            	<div class="s-11 m-7 l-4 center">
                  <h4 class="text-size-20 margin-bottom-20 text-dark text-center">Wi-fi Login</h4>
                  <form name="login" class="customform" action="$(link-login-only)" method="post"
                  $(if chap-id) onSubmit="return doLogin()" $(endif)>
                  <input type="hidden" name="dst" value="$(link-orig)" />
                  <input type="hidden" name="popup" value="true" />
                    <div class="s-12"> 
                      <input name="username" placeholder="Username" type="text">
                    </div>
                    <div class="s-12"> 
                      <input name="password" placeholder="Password" type="password">
                    </div>
                    <div class="s-12"><button class="s-12 submit-form button background-primary text-white" type="submit">L O G I N</button></div>
                    
                  </form>
                  $(if error)<br /><div style="color: #FF8080; font-weight: bold">$(error)</div>$(endif)
                </div>
            </div>
            
            
         </div>
         <div id="fourth-block">
            <div class="line">
            <h2>Wireless Internet Hotspot</h2>
            </div>
         </div>
      </section>
      <!-- FOOTER -->
      <footer>
         <div class="line">
            <div class="s-12 l-12">
               <p><strong>test</strong><br>

</p>
            </div>
         </div>
      </footer>
      <script type="text/javascript" src="js/responsee.js"></script>
   </body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2- alogin.html
<html>
<head>
<title>NET > redirect</title>
<meta http-equiv="refresh" content="2; url=$(link-redirect)">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<style type="text/css">
<!--
textarea,input,select {
	background-color: #FDFBFB;
	border: 1px #BBBBBB solid;
	padding: 2px;
	margin: 1px;
	font-size: 14px;
	color: #808080;
}

body{ color: #737373; font-size: 12px; font-family: verdana; }

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 12px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 12px; color: #7A7A7A; }

-->
</style>
<script language="JavaScript">
<!--
    function startClock() {
        $(if popup == 'true')
        open('$(link-status)', 'hotspot_status', 'toolbar=0,location=0,directories=0,status=0,menubars=0,resizable=1,width=290,height=200');
	$(endif)
	location.href = '$(link-redirect)';
    }
//-->
</script>
</head>
<body onLoad="startClock()">
<table width="100%" height="100%">
<tr>
	<td align="center" valign="middle">
	You are logged in
	<br><br>
	If nothing happens, click <a href="$(link-redirect)">here</a></td>
</tr>
</table>
</body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
3- error.html
<html>
<head>
<title>NET > error</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<style type="text/css">
<!--
textarea,input,select {
	background-color: #FDFBFB;
	border: 1px #BBBBBB solid;
	padding: 2px;
	margin: 1px;
	font-size: 14px;
	color: #808080;
}

body{ color: #737373; font-size: 12px; font-family: verdana; }

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 12px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 12px; color: #7A7A7A; }

-->
</style>
</head>
<body>
<table width="100%" height="100%">

<tr>
<td align="center" valign="middle">
Hotspot ERROR: $(error)<br>
<br>
Login page: <a href="$(link-login)">$(link-login)</a>
</td>
</tr>
</table>
</body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>
4- logout.html
<html>
<head>
<title>NET > logout</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<style type="text/css">
<!--
textarea,input,select {
	background-color: #FDFBFB;
	border: 1px #BBBBBB solid;
	padding: 2px;
	margin: 1px;
	font-size: 14px;
	color: #808080;
}

.tabula{
 
border-width: 1px; 
border-collapse: collapse; 
border-color: #c1c1c1; 
background-color: transparent;
font-family: verdana;
font-size: 11px;
}

body{ color: #737373; font-size: 12px; font-family: verdana; }

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 12px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 12px; padding: 4px;}

-->
</style>
</head>

<body>
<script language="JavaScript">
<!--
    function openLogin() {
	if (window.name != 'hotspot_logout') return true;
	open('$(link-login)', '_blank', '');
	window.close();
	return false;
    }
//-->
</script>

<table width="100%" height="100%">

<tr>
<td align="center" valign="middle">
<b>you have just logged out</b> <br><br>
<table class="tabula" border="1">  
<tr><td align="right">user name</td><td>$(username)</td></tr>
<tr><td align="right">IP address</td><td>$(ip)</td></tr>
<tr><td align="right">MAC address</td><td>$(mac)</td></tr>
<tr><td align="right">session time</td><td>$(uptime)</td></tr>
$(if session-time-left)
<tr><td align="right">time left</td><td>$(session-time-left)</td></tr>
$(endif)
<tr><td align="right">bytes up/down:</td><td>$(bytes-in-nice) / $(bytes-out-nice)</td></tr>
</table>
<br>
<form action="$(link-login)" name="login" onSubmit="return openLogin()">
<input type="submit" value="log in">
</form>
</td>
</table>
</body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>
5- radvert.html
<html>
<head>
<title>NET > advertisement</title>
<meta http-equiv="refresh" content="2; url=$(link-orig)">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<style type="text/css">
<!--
textarea,input,select {
	background-color: #FDFBFB;
	border: 1px #BBBBBB solid;
	padding: 2px;
	margin: 1px;
	font-size: 14px;
	color: #808080;
}

body{ color: #737373; font-size: 12px; font-family: verdana; }

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 12px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 12px; color: #7A7A7A; }

-->
</style>
<script language="JavaScript">
<!--
    var popup = '';
    function openOrig() {
	if (window.focus) popup.focus();
	location.href = '$(link-orig)';
    }
    function openAd() {
	location.href = '$(link-redirect)';
    }
    function openAdvert() {
	if (window.name != 'hotspot_advert') {
		popup = open('$(link-redirect)', 'hotspot_advert', '');
		setTimeout("openOrig()", 1000);
		return;
	}
	setTimeout("openAd()", 1000);
    }
//-->
</script>
</head>
<body onLoad="openAdvert()">
<table width="100%" height="100%">
<tr>
	<td align="center" valign="middle">
	Advertisement.
	<br><br>
	If nothing happens, open
	<a href="$(link-redirect)" target="hotspot_advert">advertisement</a>
	manually.
	</td>
</tr>
</table>
</body>
</html>
>>>>>>>>>>>>>>>>>>>>
6- redirect.html
$(if http-status == 302)Hotspot redirect$(endif)
$(if http-header == "Location")$(link-redirect)$(endif)
<html>
<head>
<title>...</title>
<meta http-equiv="refresh" content="0; url=$(link-redirect)">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
<body>
</body>
</html>
>>>>>>>>>>>>>>>>>>>>>
7- rlogin.html
$(if http-status == 302)Hotspot login required$(endif)
$(if http-header == "Location")$(link-redirect)$(endif)
<html>
<!--
<?xml version="1.0" encoding="UTF-8"?>
  <WISPAccessGatewayParam
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://$(hostname)/xml/WISPAccessGatewayParam.xsd">
    <Redirect>
	<AccessProcedure>1.0</AccessProcedure>
	<AccessLocation>$(location-id)</AccessLocation>
	<LocationName>$(location-name)</LocationName>
	<LoginURL>$(link-login-only)?target=xml</LoginURL>
	<MessageType>100</MessageType>
	<ResponseCode>0</ResponseCode>
    </Redirect>
  </WISPAccessGatewayParam>
-->
<head>
<title>...</title>
<meta http-equiv="refresh" content="0; url=$(link-redirect)">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
<body>
</body>
</html>
>>>>>>>>>>>>>>>>>>
8- status.html
<html>
<head>
<title>NET > status</title>
$(if refresh-timeout)
<meta http-equiv="refresh" content="$(refresh-timeout-secs)">
$(endif)
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<style type="text/css">
<!--
textarea,input,select {
	background-color: #FDFBFB;
	border: 1px #BBBBBB solid;
	padding: 2px;
	margin: 1px;
	font-size: 14px;
	color: #808080;
}

.tabula{
 
border-width: 1px; 
border-collapse: collapse; 
border-color: #c1c1c1; 
background-color: transparent;
font-family: verdana;
font-size: 11px;
}

body{ color: #737373; font-size: 12px; font-family: verdana; }

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 12px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 12px; padding: 4px;}

-->
</style>
<script language="JavaScript">
<!--
$(if advert-pending == 'yes')
    var popup = '';
    function focusAdvert() {
	if (window.focus) popup.focus();
    }
    function openAdvert() {
	popup = open('$(link-advert)', 'hotspot_advert', '');
	setTimeout("focusAdvert()", 1000);
    }
$(endif)
    function openLogout() {
	if (window.name != 'hotspot_status') return true;
        open('$(link-logout)', 'hotspot_logout', 'toolbar=0,location=0,directories=0,status=0,menubars=0,resizable=1,width=280,height=250');
	window.close();
	return false;
    }
//-->
</script>
<script language="JavaScript">

function readablizeBytes(bytes) {
var s = ['bytes', 'kb', 'MB', 'GB', 'TB', 'PB'];
var e = Math.floor(Math.log(bytes)/Math.log(1024));
return (bytes/Math.pow(1024, Math.floor(e))).toFixed(2)+" "+s[e];
}

</script>
</head>
<body bottommargin="0" topmargin="0" leftmargin="0" rightmargin="0"
$(if advert-pending == 'yes')
	onLoad="openAdvert()"
$(endif)
>
<table width="100%" height="100%">

<tr>
<td align="center" valign="middle">
<form action="$(link-logout)" name="logout" onSubmit="return openLogout()">
<table border="1" class="tabula">
$(if login-by == 'trial')
	<br><div style="text-align: center;">Welcome trial user!</div><br>
$(elif login-by != 'mac')
	<br><div style="text-align: center;">Welcome $(username)!</div><br>
$(endif)
	<tr><td align="right">IP address:</td><td>$(ip)</td></tr>
	<tr><td align="right">bytes up/down:</td><td>$(remain-bytes-in) / <script language="JavaScript">document.write(readablizeBytes($(remain-bytes-out)));</script></td></tr>
$(if session-time-left)
	<tr><td align="right">connected / left:</td><td>$(uptime) / $(session-time-left)</td></tr>
$(else)
	<tr><td align="right">connected:</td><td>$(uptime)</td></tr>
$(endif)
$(if blocked == 'yes')
	<tr><td align="right">status:</td><td><div style="color: #FF8080">
<a href="$(link-advert)" target="hotspot_advert">advertisement</a> required</div></td>
$(elif refresh-timeout)
	<tr><td align="right">status refresh:</td><td>$(refresh-timeout)</td>
$(endif)

</table>
$(if login-by-mac != 'yes')
<br>
<!-- user manager link. if user manager resides on other router, replace $(hostname) by its address
<button onclick="document.location='http://$(hostname)/user?subs='; return false;">status</button>
<!-- end of user manager link -->
<input type="submit" value="log off">
$(endif)
</form>

</td>
</table>
</body>
</html>
Any one can help me to check all the codes from any attack or hack!
The page downloaded from:
"https://www.4shared.com/zip/ysDaVHVpei/Login-Page.html"
THANKS
Last edited by krisjanisj on Wed Aug 28, 2019 10:47 am, edited 1 time in total.
Reason: Leave one line free above and below [code][/code] block for it to properly work
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Wed Aug 28, 2019 4:03 pm

Any help?
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Thu Aug 29, 2019 11:06 am

Please i want advice
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24189
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Anyone can check the login webpage hotspot from attack codes!

Thu Aug 29, 2019 11:07 am

I don't think this forum has a lot of professional web developers
No answer to your question? How to write posts
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 1:18 am

I don't think this forum has a lot of professional web developers
But it is impossible for users or designers Hotspot service does not know in the topics of page security!
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 6:09 am

I don't think this forum has a lot of professional web developers
But it is impossible for users or designers Hotspot service does not know in the topics of page security!
This is a forum for routers. Why are you even asking for html configuration help here? Take this to a forum for web designers.
Would be about like asking on a Ford automobile forum how to trim sails on a sailing yacht.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24189
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 7:54 am

Usually it is not the same person who is installing the hotspot router, and also doing the web programming, and also making sure the HTML code is valid and safe against injections.
You should ask in another forum.
No answer to your question? How to write posts
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 8:37 am

Usually it is not the same person who is installing the hotspot router, and also doing the web programming, and also making sure the HTML code is valid and safe against injections.
You should ask in another forum.
Do you have a forum to suggest me, And I'am to ask the question there.
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 8:39 am

I don't think this forum has a lot of professional web developers
But it is impossible for users or designers Hotspot service does not know in the topics of page security!
This is a forum for routers. Why are you even asking for html configuration help here? Take this to a forum for web designers.
Would be about like asking on a Ford automobile forum how to trim sails on a sailing yacht.
I apologize,
Do you have a forum to suggest me, And I'am to ask the question there.
 
qamtester
just joined
Posts: 9
Joined: Sun Aug 25, 2019 1:30 am

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 10:05 pm

loveman,

I guess while this forum would not be the best place to ask for penetration testing for your hotspot app, I do think I have a solution. Some websites offer for you to post a job and let people bid on what they will do for you. Maybe "Fivrr" is the best site for your post. Hope this helps and best of luck.
 
loveman
Member
Member
Topic Author
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Anyone can check the login webpage hotspot from attack codes!

Fri Aug 30, 2019 11:42 pm

loveman,

I guess while this forum would not be the best place to ask for penetration testing for your hotspot app, I do think I have a solution. Some websites offer for you to post a job and let people bid on what they will do for you. Maybe "Fivrr" is the best site for your post. Hope this helps and best of luck.
Thank you for your replay,
If you mean "Fiverr" this website charge 5$, I need website or forum for free and have the best developer.
Thanks

Who is online

Users browsing this forum: MSN [Bot] and 21 guests