diff --git a/青藤云 EDR 权限提升漏洞.md b/青藤云 EDR 权限提升漏洞.md
new file mode 100644
index 0000000..e5a2dca
--- /dev/null
+++ b/青藤云 EDR 权限提升漏洞.md	
@@ -0,0 +1,29 @@
+## 青藤云 EDR 权限提升漏洞
+```
+青藤的测试 POC
+local function save_python_info(ctx, info_table)
+local proc_names = {"python.exe"}
+local procs_ret = ctx.get_proc_list_info_rely(ctx, proc_names)
+if next(procs_ret) == nil then
+return
+end
+-- call get version
+-- ... 省略无关代码
+get_python_ver(proc) -- ... 省略无关代码
+end
+function get_python_ver(proc)
+if proc == nil then
+return "" end
+
+if file_api.file_exists(proc.path) then
+local cmdline = "\"" .. proc.path .. "\" -V"
+local ret, output = common.execute_shell(cmdline)
+if ret == 0 and output and output ~= "" then
+return regex.match(output, "\\d.+\\d")
+else
+agent.error_log("get python version info error:" .. tostring(ret))
+return "" end
+end
+End
+
+```