exploit-db-mirror/exploits/php/webapps/23020.txt

source: http://www.securityfocus.com/bid/8401/info

HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information.

http://www.example.com/pathofhostadmin/?page='