我在Windows服务器上有两个脚本,设置为从帖子接收数据。
一个是有效的PHP文件。
<?php
echo "Hello! <br/> This is a Post Back script that writes to a text file!";
// retrieving information from Post Back
$accounting = $_POST["accountingAmount"];
$accounting_txt = "accounting: " . "$accounting" . "\n\n";
$address1 = $_POST["address1"];
// LOTS MORE FIELDS //
$address1_txt = "address1: " . "$address1" . "\n\n";
"$recurPrice_txt" . "$referer_txt" . "$referringUrl_txt" . "$reservationId_txt" . "$responseDigest_txt" . "$start_date_txt" . "$state_txt" . "$sub_id_txt" . "$typId_txt" . "$username_txt" . "$zipcode_txt";
// write to a text file
$myFile = "postback.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = $message;
fwrite($fh, $stringData);
fclose($fh);
?>
ASP.NET MVC脚本是这样的:
[HttpPost]
public ActionResult approved(FormCollection formValues)
{
var context = new LSmixDbEntities();
PaymentHistory ph = new PaymentHistory();
StringBuilder s = new StringBuilder();
foreach (string key in Request.Form.Keys)
{
s.AppendLine(key + ": " + Request.Form[key] + Environment.NewLine);
}
string formData = s.ToString();
//save formData in db
}
我通过将vs放在服务器本身并进行测试来测试,但操作甚至都没有启动。
远程回发是否有任何原因会导致.php文件被攻击,但MVC操作不会?
答案 0 :(得分:1)
PHP脚本没有任何HTTP方法保护 - 它将在GET或POST请求中运行,而MVC引擎仅触发approved
方法以响应POST请求(因为你有[HttpPost]
属性)。我猜你只是用你的网络浏览器(总是会发出GET请求)来点击你的服务器,而不是使用工具来创建一个POST请求。