CODEWITHSUNDEEP
javascripthtmlcsscode-injection
X078
X078

Reputation: 25

Code-inject a switch's webview login (Alcatel-Lucent)

Main information:

what I am trying to accomplish

What I am doing is trying to get through the WebView login screen through any means. It is accessible via HTTP and HTTPS if of any help.
I have tried stuff like simple injection scripts, but I do not really understand the languages behind them except HTML. I can't use developer tools, but I'm trying to find the data that is posted to _self and record it to a text file.

Here is the site's code, as provided by the view-source: protocol:


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>Webview Logon Page</title>
<style type="text/css">
body    {
    margin:0px;
    background:#5C5C5C;
    color:#FFFFFF;
    font-family:Verdana, Arial, Helvetica, Fixed;
    font-weight:bold;
    font-size:10pt;
}
table   {   
    border-collapse:collapse;
    border-style:none;
  margin:0px; 
  width:100%;
  padding:0px;
}
table.formTable { margin:35px; width:auto; }
td  {
    background:#6850A2;
    color:#FFFFFF;
    font-family:Verdana, Arial, Helvetica, Fixed;
    font-weight:bold;
    font-size:10pt;
    text-align:left;
    vertical-align:top;
    white-space:nowrap;
}
td.spacer {
    background:#000000;
  font-size:20pt;
    text-align:right;
    padding:10px;
    width:25%;
}
td.label {
    text-align:right;
    height:30px;
    padding:0px 10px 25px 10px;
}
td.input { height:30px; padding:0px 10px 5px 10px; }
td.data { 
    font-size:11pt;
    height:30px;
    padding:30px 10px;
}
</style>
<script type="text/javascript">
if (self != top) 
{
    if ( location.protocol == "http:" )
      top.location = "http://192.168.0.1/web/content/login.html"
    if ( location.protocol == "https:" )
      top.location = "https://192.168.0.1/web/content/login.html"
}

function TopLoader()
{
     if ( (window.name == "configWin") || (window.name == "helpWin") || (window.name == "addWin") )
   {
        window.opener.top.location = "login.html";
        window.self.close();
   }

     /* Display pre-banner message if file is present
      * Make sure to use single quotes. Double quotes might
      * break JavaScripts.
      */
    var message = '';

    /* Using vi to remove text from pre_banner.txt can leave some sort of whitespace */
    if  (message != '')
          alert(message);
}
</script>
<script type="text/javascript" src="/web/content/scripts/browsercheck.js"></script>
</head>

<body onLoad="checkBrowser(); TopLoader(); document.forms[0].elements[0].focus();">

<FORM method="POST" target="_self" ACTION="/web/content/login.html">
<table>
  <tr>
      <td class="spacer" rowspan="10">WebView</td>
      <td><img border="0" src="/oem/content/banner.jpg" nosave height="54"></td>
  </tr>
  <tr>
    <td class="data"><!--webbot bot="HTMLMarkup" startspan -->
    <!--webbot bot="HTMLMarkup" endspan -->&nbsp;</td>
  </tr>
  <tr>
    <td>
        <table class="formTable">
        <tr>
          <td class="label">User Name</td>
          <td class="input"><INPUT type="text" name="userName" SIZE="30" MAXLENGTH="63" VALUE=""></td>
        </tr>
        <tr>
          <td class="label">Password</td>
          <td class="input"><INPUT type="password" name="password" SIZE="30" MAXLENGTH="40" VALUE=""></td>
        </tr>
        <tr>
          <td style="text-align:center;" colspan="2"><INPUT type="submit" name="B1" VALUE="Login"></td>
        </tr>
      </table>
      </td>
  </tr>
  <tr>
    <td class="data" style="color:#800000;">
      <script type="text/javascript">
        var errMsg="";
        document.write(errMsg==""?"&nbsp;":("<u>Error</u>&nbsp;-&nbsp;" + errMsg));
      </script>
    </td>
 </tr>
</table>
</FORM>

</body>
</html>

You may be wondering, "Why are you doing this, chrom?", simply for fun. I just want something to learn and do during class in my free time.

If you have any methods to try and get through the security layer, I will try them; except if I already have tried it.

Same thing with my last few posts - I'm not that fluent with this category of stuff, so if you need more information, feel free to ask.

Upvotes: 0

Views: 26

Answers (0)

Related Questions