diff --git a/CRMEB/DaTong_sid_sqli/README.md b/CRMEB/DaTong_sid_sqli/README.md new file mode 100644 index 0000000..f22b228 --- /dev/null +++ b/CRMEB/DaTong_sid_sqli/README.md @@ -0,0 +1,9 @@ +# CRMEB DaTong sid sqli + +CRMEB open version v4 is a free and open source mall system, UINAPP+thinkphp6 framework mall. The sid parameter under the path of CRMEB open version /api/products has unfiltered SQL statement splicing, resulting in SQL injection. + +FOFA **query rule**: [body="CRMEB" && body="/h5/js/app"](https://fofa.so/result?qbase64=Ym9keT0iQ1JNRUIiICYmIGJvZHk9Ii9oNS9qcy9hcHAi) + +# Demo + +![CRMEB_DaTong_sid_sqli](CRMEB_DaTong_sid_sqli.gif)
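Review bot: the README names the injection point (the `sid` parameter of `/api/products`, concatenated unfiltered into the SQL string) but records no affected version range beyond "open version v4", no upstream fix or patch reference, and no remediation guidance; add an "Affected versions" line and a "Fix" section that points at the upstream change and states the mitigation (pass `sid` as a bound parameter through the ThinkPHP 6 query builder instead of splicing it into the statement), so readers can verify whether a given deployment is still exposed. Also, `# Demo` is a second top-level heading below the document title; make it `## Demo` so the page has one H1.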