diff --git a/Spring/CVE-2020-5410/CVE-2020-5410_1.jpg b/Spring/CVE-2020-5410/CVE-2020-5410_1.jpg new file mode 100644 index 0000000..65ac389 Binary files /dev/null and b/Spring/CVE-2020-5410/CVE-2020-5410_1.jpg differ diff --git a/Spring/CVE-2020-5410/CVE-2020-5410_2.jpg b/Spring/CVE-2020-5410/CVE-2020-5410_2.jpg new file mode 100644 index 0000000..3e1d051 Binary files /dev/null and b/Spring/CVE-2020-5410/CVE-2020-5410_2.jpg differ diff --git a/Spring/CVE-2020-5410/CVE-2020-5410_3.jpg b/Spring/CVE-2020-5410/CVE-2020-5410_3.jpg new file mode 100644 index 0000000..958612f Binary files /dev/null and b/Spring/CVE-2020-5410/CVE-2020-5410_3.jpg differ diff --git a/Spring/CVE-2020-5410/CVE-2020-5410_4.jpg b/Spring/CVE-2020-5410/CVE-2020-5410_4.jpg new file mode 100644 index 0000000..66c0e26 Binary files /dev/null and b/Spring/CVE-2020-5410/CVE-2020-5410_4.jpg differ diff --git a/Spring/CVE-2020-5410/README.md b/Spring/CVE-2020-5410/README.md new file mode 100644 index 0000000..44d6290 --- /dev/null +++ b/Spring/CVE-2020-5410/README.md @@ -0,0 +1,17 @@ +# CVE-2020-5410 Spring Cloud Config Server Directory Traversal + +Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. + +**Affected Version**: Spring Cloud Config 2.2.x - 2.2.3, 2.1.x - 2.1.9, older unsupported versions + +**[FOFA](https://fofa.so/result?qbase64=YXBwPSJTcHJpbmdCb290Ig%3D%3D) query rule**: app="SpringBoot" + +# Demo + +![](CVE-2020-5410_1.jpg) + +![](CVE-2020-5410_2.jpg) + +![](CVE-2020-5410_3.jpg) + +![](CVE-2020-5410_4.jpg) \ No newline at end of file
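Review bot: In the README.md hunk, the "Affected Version" line ("2.2.x - 2.2.3, 2.1.x - 2.1.9") reads as if 2.2.3 and 2.1.9 are themselves affected, which contradicts the description paragraph just above it ("versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9"). Suggest rewording it to "2.2.x before 2.2.3, 2.1.x before 2.1.9, and older unsupported versions", and adding a remediation line that names 2.2.3 and 2.1.9 as the releases to upgrade to, since the README states what is affected but not what fixes it. The four Demo images have empty alt text and no caption, so the section conveys nothing when the images do not load; a one-line description per screenshot would fix that. "# Demo" is a second top-level heading and would read better as "## Demo", and the file is missing its trailing newline.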