diff --git a/pfsense/README.md b/pfsense/README.md new file mode 100644 index 0000000..d924e97 --- /dev/null +++ b/pfsense/README.md @@ -0,0 +1,10 @@ + +# pfSense Arbitrary File Write to RCE + +diag_routes.php in pfSense 2.5.2 allows sed data injection. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. + +FOFA **query rule**: [app="pfSense"](https://fofa.info/result?qbase64=YXBwPSJwZlNlbnNlIg%3D%3D) + +# Demo + +![pfSense_Arbitrary_File_Write_to_RCE](pfSense_Arbitrary_File_Write_to_RCE.gif) diff --git a/pfsense/pfSense_Arbitrary_File_Write_to_RCE.gif b/pfsense/pfSense_Arbitrary_File_Write_to_RCE.gif new file mode 100644 index 0000000..1f799e4 Binary files /dev/null and b/pfsense/pfSense_Arbitrary_File_Write_to_RCE.gif differ
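Review bot: The description paragraph in pfsense/README.md (the line beginning `diag_routes.php in pfSense 2.5.2`) names the affected file and version but gives no advisory or CVE reference, no fixed version and no mitigation. A reader therefore cannot confirm whether a deployment is affected or what to upgrade to, so please add a reference line and a short remediation note. The same paragraph describes how the data is retrieved (netstat output parsed via sed) but never connects that to the "Arbitrary File Write to RCE" in the title, and it does not say whether the page requires an authenticated session. On style, `# Demo` is a second top-level heading and should be `## Demo`, and the file starts with an empty line. The GIF is added as a binary and cannot be reviewed in the diff, so a one-sentence text summary of what it shows would help.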