SHTML files are processed by the server. If the view parameter is not sanitized, a malicious user might try: inurl:view index.shtml?page=../../../../etc/passwd If the server returns the password file, the hotel's entire server is compromised.
However, using such a specific query might not yield the most helpful results, especially if you're simply looking to book a hotel room. Instead, here are some effective and straightforward strategies: inurl view indexshtml hotel rooms full
How to Detect Hidden Cameras: 8 Ways to Protect Your Privacy SHTML files are processed by the server