是否有任何原因会导致.php文件被远程回发命中,但MVC操作不会?

时间:2012-11-27 22:28:03

标签: php asp.net asp.net-mvc post postback

我在Windows服务器上有两个脚本,设置为从帖子接收数据。

一个是有效的PHP文件。

<?php   
echo "Hello! <br/> This is a Post Back script that writes to a text file!";

// retrieving information from Post Back
$accounting         = $_POST["accountingAmount"];
$accounting_txt     = "accounting: " . "$accounting" . "\n\n";
$address1           = $_POST["address1"];

// LOTS MORE FIELDS //

$address1_txt       = "address1: " . "$address1" . "\n\n";
"$recurPrice_txt" . "$referer_txt" . "$referringUrl_txt" . "$reservationId_txt" . "$responseDigest_txt" . "$start_date_txt" . "$state_txt" . "$sub_id_txt" . "$typId_txt" . "$username_txt" . "$zipcode_txt";

// write to a text file
$myFile = "postback.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = $message;
fwrite($fh, $stringData);
fclose($fh);
?>

ASP.NET MVC脚本是这样的:

[HttpPost]
    public ActionResult approved(FormCollection formValues)
    {           
            var context = new LSmixDbEntities();
            PaymentHistory ph = new PaymentHistory();
            StringBuilder s = new StringBuilder();
            foreach (string key in Request.Form.Keys)
            {
                s.AppendLine(key + ": " + Request.Form[key] + Environment.NewLine);
            }
            string formData = s.ToString();
    //save formData in db
    }

我通过将vs放在服务器本身并进行测试来测试,但操作甚至都没有启动。

远程回发是否有任何原因会导致.php文件被攻击,但MVC操作不会?

1 个答案:

答案 0 :(得分:1)

PHP脚本没有任何HTTP方法保护 - 它将在GET或POST请求中运行,而MVC引擎仅触发approved方法以响应POST请求(因为你有[HttpPost]属性)。我猜你只是用你的网络浏览器(总是会发出GET请求)来点击你的服务器,而不是使用工具来创建一个POST请求。