我使用 curl 将数据发布到另一台服务器,在每次发布之间,我使用一个函数来获取隐藏字段比如"__VIEWSTATE"。它以前就像一个魅力,但他们更新了那里的网站,所以我重写了我的代码以使用新的字段,但是在最后一步,我收到错误:"视图状态 MAC 验证失败。"
如果我在网络浏览器中执行相同的步骤,它可以正常工作,我使用了一个插件来获取浏览器正在发送的帖子数据并将其与我的脚本发送的内容进行比较,它看起来是一样的。
我对 ASP.NET 的了解很少,以及我能在这里找到的有关该错误的所有信息建议对 ASP-NET 服务器上的更改进行建议。
所以我希望这里有人可以指导我找出原因它在浏览器中有100%的成功率,并且 curl 在该页面上的成功率为 0%,但是在以前的页面上使用相同的功能,100% 使用卷曲工作。
发布浏览器发送的数据:
__EVENTTARGET=
__EVENTARGUMENT=
__VIEWSTATE=%2FwEPDwUKLTk2MDAxNjU3MA9kFgJmD2QWAgIDD2QWDgIFD2QWAgIBDw8WAh4EVGV4dAUfRsO2cmV0YWdzZ3J1cHBlbiBpIEfDtnRlYm9yZyBBQmRkAgcPDxYEHwAFH0bDtnJldGFnc2dydXBwZW4gaSBHw7Z0ZWJvcmcgQUIeC05hdmlnYXRlVXJsBR1%2BL0NsaWVudENhcmQuYXNweD9DbGllbnRJRD05OGRkAgkPDxYCHgdWaXNpYmxlZ2RkAgsPDxYEHwAFI0JZR0cgJiBFTkVSR0lTRVJWSUNFIFPDlkRFUlTDllJOIEFCHwEFNH4vQ3VzdG9tZXJPdmVydmlldy5hc3B4P0NsaWVudElEPTk4JkN1c3RvbWVySUQ9MjY0NDBkZAINDw8WAh8CZ2RkAg8PDxYCHwAFE1JlZGlnZXJhIGFudsOkbmRhcmVkZAIVDw8WAh8CaGQWAgIDDxBkZBYBZmQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFg0FFmN0bDAwJGJvZHkkY2hrSXNBY3RpdmUFHmN0bDAwJGJvZHkkY2hrSGFzU3VwZXJVc2VyUGVybQUfY3RsMDAkYm9keSRjaGtIYXNTdGF0aXN0aWNzUGVybQUkY3RsMDAkYm9keSRjaGtIYXNBbm51YWxSZXBvcnRTZXJ2aWNlBTBjdGwwMCRib2R5JGNoa0hhc0NvcnBvcmF0aW9uQ2hhcnRlclJlcG9ydFNlcnZpY2UFN2N0bDAwJGJvZHkkY2hrSGFzQ2VydGlmaWNhdGVPZlJlZ2lzdHJhdGlvblJlcG9ydFNlcnZpY2UFH2N0bDAwJGJvZHkkY2hrSGFzTW9uaXRvclNlcnZpY2UFK2N0bDAwJGJvZHkkY2hrSGFzRGlnaXRhbFNwYXJya2F0YWxvZ1NlcnZpY2UFJmN0bDAwJGJvZHkkY2hrSGFzUGVyc29ua29udHJvbGxTZXJ2aWNlBSVjdGwwMCRib2R5JGNoa0hhc0NvbXBhbnlSZXBvcnRTZXJ2aWNlBSRjdGwwMCRib2R5JGNoa0hhc1BlcnNvblJlcG9ydFNlcnZpY2UFHWN0bDAwJGJvZHkkY2J4UmVwb3J0c0NvbXBhbnkzBRxjdGwwMCRib2R5JGNieFJlcG9ydHNQZXJzb24zBRBjdGwwMCRtbHRDb250ZW50Dw9kZmR8z6SDM7weB%2BgWrg%2B8u3EnNPkQGA%3D%3D
__EVENTVALIDATION=%2FwEWFwKGsKOJCgK70ZWTDQLr%2BJWFDQKo1a2oCwKplfT%2BCgLRieqTAwKt6qHvAQK9rKu9AgKh%2F5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK%2BjaGZDQL%2FqY7cBALml%2FqcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk%3D
ctl00%24body%24cmdSave=Spara
ctl00%24body%24txtName=BYGG+%26+ENERGISERVICE+S%C3%96DERT%C3%96RN+AB
ctl00%24body%24txtUserName=5566960836
ctl00%24body%24txtEmail=anonym%40telia.se
ctl00%24body%24txtDepartment=
ctl00%24body%24chkIsActive=on
ctl00%24body%24chkHasStatisticsPerm=on
ctl00%24body%24txtLoginName=5566960836
ctl00%24body%24txtPassword=stackoverflow
ctl00%24body%24chkHasAnnualReportService=on
ctl00%24body%24chkHasCorporationCharterReportService=on
ctl00%24body%24chkHasCertificateOfRegistrationReportService=on
ctl00%24body%24chkHasMonitorService=on
ctl00%24body%24chkHasDigitalSparrkatalogService=on
ctl00%24body%24chkHasPersonkontrollService=on
ctl00%24body%24chkHasCompanyReportService=on
ctl00%24body%24chkHasPersonReportService=on
ctl00%24body%24cbxReportsCompany3=on
ctl00%24body%24cbxReportsPerson3=on
ctl00%24body%24hidNewUser=1
我的脚本正在发送的发布数据
Array
(
[__EVENTTARGET] =>
[__EVENTARGUMENT] =>
[__VIEWSTATE] => /wEPDwUKLTk2MDAxNjU3MA9kFgJmD2QWAgIDD2QWDgIFD2QWAgIBDw8WAh4EVGV4dAUfRsO2cmV0YWdzZ3J1cHBlbiBpIEfDtnRlYm9yZyBBQmRkAgcPDxYEHwAFH0bDtnJldGFnc2dydXBwZW4gaSBHw7Z0ZWJvcmcgQUIeC05hdmlnYXRlVXJsBR1+L0NsaWVudENhcmQuYXNweD9DbGllbnRJRD05OGRkAgkPDxYCHgdWaXNpYmxlZ2RkAgsPDxYEHwAFI0JZR0cgJiBFTkVSR0lTRVJWSUNFIFPDlkRFUlTDllJOIEFCHwEFNH4vQ3VzdG9tZXJPdmVydmlldy5hc3B4P0NsaWVudElEPTk4JkN1c3RvbWVySUQ9MjY0NDBkZAINDw8WAh8CZ2RkAg8PDxYCHwAFE1JlZGlnZXJhIGFudsOkbmRhcmVkZAIVDw8WAh8CaGQWAgIDDxBkZBYBZmQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFg0FFmN0bDAwJGJvZHkkY2hrSXNBY3RpdmUFHmN0bDAwJGJvZHkkY2hrSGFzU3VwZXJVc2VyUGVybQUfY3RsMDAkYm9keSRjaGtIYXNTdGF0aXN0aWNzUGVybQUkY3RsMDAkYm9keSRjaGtIYXNBbm51YWxSZXBvcnRTZXJ2aWNlBTBjdGwwMCRib2R5JGNoa0hhc0NvcnBvcmF0aW9uQ2hhcnRlclJlcG9ydFNlcnZpY2UFN2N0bDAwJGJvZHkkY2hrSGFzQ2VydGlmaWNhdGVPZlJlZ2lzdHJhdGlvblJlcG9ydFNlcnZpY2UFH2N0bDAwJGJvZHkkY2hrSGFzTW9uaXRvclNlcnZpY2UFK2N0bDAwJGJvZHkkY2hrSGFzRGlnaXRhbFNwYXJya2F0YWxvZ1NlcnZpY2UFJmN0bDAwJGJvZHkkY2hrSGFzUGVyc29ua29udHJvbGxTZXJ2aWNlBSVjdGwwMCRib2R5JGNoa0hhc0NvbXBhbnlSZXBvcnRTZXJ2aWNlBSRjdGwwMCRib2R5JGNoa0hhc1BlcnNvblJlcG9ydFNlcnZpY2UFHWN0bDAwJGJvZHkkY2J4UmVwb3J0c0NvbXBhbnkzBRxjdGwwMCRib2R5JGNieFJlcG9ydHNQZXJzb24zBRBjdGwwMCRtbHRDb250ZW50Dw9kZmR8z6SDM7weB+gWrg+8u3EnNPkQGA==
[__EVENTVALIDATION] => /wEWFwKGsKOJCgK70ZWTDQLr+JWFDQKo1a2oCwKplfT+CgLRieqTAwKt6qHvAQK9rKu9AgKh/5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK+jaGZDQL/qY7cBALml/qcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk=
[ctl00$body$hidNewUser] => 1
[ctl00$body$cmdSave] => Spara
[ctl00$body$txtName] => BYGG & ENERGISERVICE SÖDERTÖRN AB
[ctl00$body$txtUserName] => 5566960836
[ctl00$body$txtEmail] => anonym@telia.se
[ctl00$body$txtDepartment] =>
[ctl00$body$chkIsActive] => 1
[ctl00$body$chkHasStatisticsPerm] => 1
[ctl00$body$txtLoginName] => 5566960836
[ctl00$body$txtPassword] => stackoverflow
[ctl00$body$chkHasAnnualReportService] => 1
[ctl00$body$chkHasCorporationCharterReportService] => 1
[ctl00$body$chkHasCertificateOfRegistrationReportService] => 1
[ctl00$body$chkHasMonitorService] => 1
[ctl00$body$chkHasDigitalSparrkatalogService] => 1
[ctl00$body$chkHasPersonkontrollService] => 1
[ctl00$body$chkHasCompanyReportService] => 1
[ctl00$body$chkHasPersonReportService] => 1
[ctl00$body$cbxReportsCompany3] => 1
[ctl00$body$cbxReportsPerson3] => 1
)
问题:
哪些客户端差异会触发"视图状态 MAC 验证失败"错误?
(注意:上面的 postdata 以 2 种方式进行了 Bean 操纵,首先我用"stackoverflow"替换了密码,我也用匿名替换了电子邮件地址的用户)
检查一下,看看在发布之前是否有一些javascript更改了值,并且为了在保存方面,也设置了引荐来源页面。
使用了错误的URL,从一开始就发送了正确的帖子数据,只是将其发送到错误的位置。如此简单,当你看错地方时仍然很难找到。