diff --git a/CRMEB/DaTong_sid_sqli/CRMEB_DaTong_sid_sqli.gif b/CRMEB/DaTong_sid_sqli/CRMEB_DaTong_sid_sqli.gif new file mode 100644 index 0000000..109269a Binary files /dev/null and b/CRMEB/DaTong_sid_sqli/CRMEB_DaTong_sid_sqli.gif differ diff --git a/CRMEB/DaTong_sid_sqli/README.md b/CRMEB/DaTong_sid_sqli/README.md new file mode 100644 index 0000000..f22b228 --- /dev/null +++ b/CRMEB/DaTong_sid_sqli/README.md @@ -0,0 +1,9 @@ +# CRMEB DaTong sid sqli + +CRMEB open version v4 is a free and open source mall system, UINAPP+thinkphp6 framework mall. The sid parameter under the path of CRMEB open version /api/products has unfiltered SQL statement splicing, resulting in SQL injection. + +FOFA **query rule**: [body="CRMEB" && body="/h5/js/app"](https://fofa.so/result?qbase64=Ym9keT0iQ1JNRUIiICYmIGJvZHk9Ii9oNS9qcy9hcHAi) + +# Demo + +![CRMEB_DaTong_sid_sqli](CRMEB_DaTong_sid_sqli.gif) diff --git a/Chemex/CNVD-2021-15573/Chemex_Auth_File_Upload_CNVD_2021_15573.gif b/Chemex/CNVD-2021-15573/Chemex_Auth_File_Upload_CNVD_2021_15573.gif new file mode 100644 index 0000000..255b8ff Binary files /dev/null and b/Chemex/CNVD-2021-15573/Chemex_Auth_File_Upload_CNVD_2021_15573.gif differ diff --git a/Chemex/CNVD-2021-15573/README.md b/Chemex/CNVD-2021-15573/README.md new file mode 100644 index 0000000..ff955c4 --- /dev/null +++ b/Chemex/CNVD-2021-15573/README.md 
@@ -0,0 +1,9 @@ +# Chemex Auth File Upload CNVD-2021-15573 + +Coffee pot Chemex is a free, open source, efficient and beautiful IT operation and maintenance management platform. Chemex has a background file upload vulnerability(default login admin:admin), which can be exploited by attackers to gain control of the server. + +FOFA **query rule**: [(title="咖啡壶" || body="让IT资产管理更加简单") && body="CreateDcat"](https://fofa.so/result?qbase64=KHRpdGxlPSLlkpbllaHlo7YiIHx8IGJvZHk9IuiuqUlU6LWE5Lqn566h55CG5pu05Yqg566A5Y2VIikgJiYgYm9keT0iQ3JlYXRlRGNhdCI%3D) + +# Demo + +![Chemex_Auth_File_Upload_CNVD_2021_15573](Chemex_Auth_File_Upload_CNVD_2021_15573.gif) diff --git a/CirCarLife/CVE-2018-12634/CirCarLife_SCADA_4_3_Credential_Disclosure.gif b/CirCarLife/CVE-2018-12634/CirCarLife_SCADA_4_3_Credential_Disclosure.gif new file mode 100644 index 0000000..4125d8b Binary files /dev/null and b/CirCarLife/CVE-2018-12634/CirCarLife_SCADA_4_3_Credential_Disclosure.gif differ diff --git a/CirCarLife/CVE-2018-12634/README.md b/CirCarLife/CVE-2018-12634/README.md new file mode 100644 index 0000000..b9dedab --- /dev/null +++ b/CirCarLife/CVE-2018-12634/README.md @@ -0,0 +1,10 @@ +# CirCarLife SCADA 4.3 Credential Disclosure + +Circontrol is a Spanish manufacturer that insists on developing innovative technologies to provide competitive and comprehensive products and solutions for eMobility and efficiency of parking lots. CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 has an information disclosure vulnerability, leaking information such as logs and configuration. + +FOFA **query rule**: [banner="CirCarLife Scada"](https://fofa.so/result?qbase64=YmFubmVyPSJDaXJDYXJMaWZlIFNjYWRhIg%3D%3D) + +# Demo + +![CirCarLife_SCADA_4_3_Credential_Disclosure](CirCarLife_SCADA_4_3_Credential_Disclosure.gif) + 
diff --git a/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/Dwsurvey_3_2_Arbitrary_File_Read.gif b/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/Dwsurvey_3_2_Arbitrary_File_Read.gif new file mode 100644 index 0000000..e00a617 Binary files /dev/null and b/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/Dwsurvey_3_2_Arbitrary_File_Read.gif differ diff --git a/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/README.md b/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/README.md new file mode 100644 index 0000000..16dfcc4 --- /dev/null +++ b/Dwsurvey/Dwsurvey_3_2_Arbitrary_File_Read/README.md @@ -0,0 +1,10 @@ +# Dwsurvey 3.2 Arbitrary File Read + +DWSurvey is a convenient, efficient and stable survey questionnaire system, an open source questionnaire form system based on JAVA WEB. The filePath parameter of the ToHtmlServlet.java file in the dwsurvey-oss-v3.2.0 version has an arbitrary file reading vulnerability. + +FOFA **query rule**: [app="DIAOWEN-问卷表单系统"](https://fofa.so/result?qbase64=YXBwPSJESUFPV0VOLemXruWNt%2BihqOWNleezu%2Be7nyI%3D) + +# Demo + +![Dwsurvey_3_2_Arbitrary_File_Read](Dwsurvey_3_2_Arbitrary_File_Read.gif) + diff --git a/ECOA/ECOA_Building_System/ECOA_Building_System_multiple_vulnerabilities.gif b/ECOA/ECOA_Building_System/ECOA_Building_System_multiple_vulnerabilities.gif new file mode 100644 index 0000000..cacafd3 Binary files /dev/null and b/ECOA/ECOA_Building_System/ECOA_Building_System_multiple_vulnerabilities.gif differ diff --git a/ECOA/ECOA_Building_System/README.md b/ECOA/ECOA_Building_System/README.md new file mode 100644 index 0000000..b85cccb --- /dev/null +++ b/ECOA/ECOA_Building_System/README.md 
@@ -0,0 +1,9 @@ +# ECOA Building System multiple vulnerabilities + +ECOA Technologies, the company formerly known as ECOA Technologies, was established in Taiwan in 1993. The company specializes in BMS control products. There are multiple vulnerabilities in the ECOA automation system, including information leakage, directory traversal, file reading, etc. + +FOFA **query rule**: [body="ECOA" && title="ECOA"](https://fofa.so/result?qbase64=Ym9keT0iRUNPQSIgJiYgdGl0bGU9IkVDT0Ei) + +# Demo + +![ECOA_Building_System_multiple_vulnerabilities](ECOA_Building_System_multiple_vulnerabilities.gif) diff --git a/Gurock/CVE-2021-40875/Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875.gif b/Gurock/CVE-2021-40875/Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875.gif new file mode 100644 index 0000000..37e47c7 Binary files /dev/null and b/Gurock/CVE-2021-40875/Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875.gif differ diff --git a/Gurock/CVE-2021-40875/README.md b/Gurock/CVE-2021-40875/README.md new file mode 100644 index 0000000..294c87b --- /dev/null +++ b/Gurock/CVE-2021-40875/README.md 
@@ -0,0 +1,9 @@ +# Gurock Testrail 7.2 Information leakage CVE-2021-40875 + +Testrail is a complete web-based test case management solution to efficiently manage, track, and organize your software testing efforts. Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. + +FOFA **query rule**: [title="Login - TestRail"](https://fofa.so/result?qbase64=dGl0bGU9IkxvZ2luIC0gVGVzdFJhaWwi) + +# Demo + +![Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875](Gurock_Testrail_7_2_Information_leakage_CVE_2021_40875.gif) diff --git a/Huahou/iRDM4000/README.md b/Huahou/iRDM4000/README.md new file mode 100644 index 0000000..1d1744d --- /dev/null +++ b/Huahou/iRDM4000/README.md @@ -0,0 +1,9 @@ +# iRDM4000 cookie bypass + +Hebei Huahou Tiancheng Environmental Technology Co., Ltd. is a professional manufacturer of environmental online monitoring equipment and a leading environmental monitoring system integrator. The iRDM4000 smart station room online supervision, diagnosis and configuration sub-station has cookie forgery, which leads to malicious login to the operation background. + +FOFA **query rule**: [body="iRDM4000"](https://fofa.so/result?qbase64=Ym9keT0iaVJETTQwMDAi) + +# Demo + +![iRDM4000_cookie_bypass](iRDM4000_cookie_bypass.gif) diff --git a/Huahou/iRDM4000/iRDM4000_cookie_bypass.gif b/Huahou/iRDM4000/iRDM4000_cookie_bypass.gif new file mode 100644 index 0000000..7d40857 Binary files /dev/null and b/Huahou/iRDM4000/iRDM4000_cookie_bypass.gif differ 
diff --git a/OpenCats/CVE-2019-13358/OpenCats_9_4_2_XXE_CVE_2019_13358.gif b/OpenCats/CVE-2019-13358/OpenCats_9_4_2_XXE_CVE_2019_13358.gif new file mode 100644 index 0000000..997394e Binary files /dev/null and b/OpenCats/CVE-2019-13358/OpenCats_9_4_2_XXE_CVE_2019_13358.gif differ diff --git a/OpenCats/CVE-2019-13358/README.md b/OpenCats/CVE-2019-13358/README.md new file mode 100644 index 0000000..40cc1a3 --- /dev/null +++ b/OpenCats/CVE-2019-13358/README.md @@ -0,0 +1,9 @@ +# OpenCats 9.4.2 XXE CVE-2019-13358 + +OpenCats is a leading free & open applicant tracking system.lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. + +FOFA **query rule**: [app="opencats-Login"](https://fofa.so/result?qbase64=YXBwPSJvcGVuY2F0cy1Mb2dpbiI%3D) + +# Demo + +![OpenCats_9_4_2_XXE_CVE_2019_13358](OpenCats_9_4_2_XXE_CVE_2019_13358.gif) diff --git a/Softneta/MedDream_Directory_Traversal/README.md b/Softneta/MedDream_Directory_Traversal/README.md new file mode 100644 index 0000000..9ffa334 --- /dev/null +++ b/Softneta/MedDream_Directory_Traversal/README.md @@ -0,0 +1,10 @@ +# Softneta MedDream 6.7.11 Directory Traversal + +Softneta specializes in medical imaging and communication solutions to improve the quality of healthcare. The company was founded in 2007 and possesses 14+ years of experience in the development of medical devices for processing, visualization and transmission of diagnostic medical data. Softneta MedDream PACS Server Premium 6.7.1.1 nocache.php has Directory Traversal. + +FOFA **query rule**: [body="MedDream"](https://fofa.so/result?qbase64=Ym9keT0iTWVkRHJlYW0i) + +# Demo + +![Softneta_MedDream_6_7_11_Directory_Traversal](Softneta_MedDream_6_7_11_Directory_Traversal.gif) + 
diff --git a/Softneta/MedDream_Directory_Traversal/Softneta_MedDream_6_7_11_Directory_Traversal.gif b/Softneta/MedDream_Directory_Traversal/Softneta_MedDream_6_7_11_Directory_Traversal.gif new file mode 100644 index 0000000..b5242b9 Binary files /dev/null and b/Softneta/MedDream_Directory_Traversal/Softneta_MedDream_6_7_11_Directory_Traversal.gif differ diff --git a/Sophos/CVE-2020-25223/README.md b/Sophos/CVE-2020-25223/README.md new file mode 100644 index 0000000..687e43c --- /dev/null +++ b/Sophos/CVE-2020-25223/README.md @@ -0,0 +1,9 @@ +# Sophos UTM RCE CVE-2020-25223 + +Sophos UTM is a soft routing equipment product developed by the British Sophos company that provides advanced next-generation cloud sandbox technology. A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. + +FOFA **query rule**: [app="SOPHOS-UTM"](https://fofa.so/result?qbase64=YXBwPSJTT1BIT1MtVVRNIg%3D%3D) + +# Demo + +![Sophos_UTM_RCE_CVE_2020_25223](Sophos_UTM_RCE_CVE_2020_25223.gif) diff --git a/Sophos/CVE-2020-25223/Sophos_UTM_RCE_CVE_2020_25223.gif b/Sophos/CVE-2020-25223/Sophos_UTM_RCE_CVE_2020_25223.gif new file mode 100644 index 0000000..23c427c Binary files /dev/null and b/Sophos/CVE-2020-25223/Sophos_UTM_RCE_CVE_2020_25223.gif differ
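Review bot: In CRMEB/DaTong_sid_sqli/README.md the description line gives the affected release only as "open version v4" and carries no advisory identifier or fixed version, so an operator cannot tell whether a given deployment is affected. Add the exact affected version range and the fixed release (or state that none exists), and check the spelling of "UINAPP" in the same sentence.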
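Review bot: In Chemex/CNVD-2021-15573/README.md the description mentions the default login "admin:admin" but names no affected version and gives no remediation. Since the title marks this as an authenticated upload issue, add the affected version range and a line telling operators to change the default credentials; the missing space in "vulnerability(default" should also be fixed.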
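Review bot: In CirCarLife/CVE-2018-12634/README.md the title says "Credential Disclosure" while the description line speaks only of "information such as logs and configuration", so the title and body disagree on what is exposed. Make the two consistent, and split the run-on "all versions under 4.3.0 OCPP implementation all versions under 1.5.0" so that it is clear these are two separate version conditions. This hunk also ends with an extra blank "+" line (+1,10) that most of the other README files in the patch do not have.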
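Review bot: In ECOA/ECOA_Building_System/README.md the first description sentence reads "ECOA Technologies, the company formerly known as ECOA Technologies", which names the same company twice and cannot be right as written. Correct the former name or drop the clause. The closing "information leakage, directory traversal, file reading, etc." lists no identifiers or affected versions; list each issue with its identifier so the entry can be matched against an advisory.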
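Review bot: In OpenCats/CVE-2019-13358/README.md the title and GIF name use version "9.4.2" but the description says "before 0.9.4-3", so the affected version is stated two different ways. Use one version string throughout, and add the missing space after the period in "tracking system.lib/DocumentToText.php".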
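Review bot: In Softneta/MedDream_Directory_Traversal/README.md the title and the GIF file name give the version as "6.7.11" while the description says "PACS Server Premium 6.7.1.1". Confirm which is correct and use it in the title, body and file name, since a reader checking exposure will compare against this string. The entry also has no advisory identifier or fixed version.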