diff --git a/Apache-ActiveMQ-Jolokia-远程代码执行漏洞-CVE-2022-41678.md b/Apache-ActiveMQ-Jolokia-远程代码执行漏洞-CVE-2022-41678.md index 66f2b7e..4f9cf4a 100644 --- a/Apache-ActiveMQ-Jolokia-远程代码执行漏洞-CVE-2022-41678.md +++ b/Apache-ActiveMQ-Jolokia-远程代码执行漏洞-CVE-2022-41678.md @@ -35,7 +35,7 @@ Content-Length: 136 记住这个 `value`参数中的值,后面的poc要用到,例如现在是4 ![](./assets/20231130233131.png) #### 写入payload -![](./assets/20231130233450.png) + ``` POST /api/jolokia/ HTTP/1.1 Host: localhost:8161 @@ -714,7 +714,7 @@ Content-Length: 136 "] } ``` - +![](./assets/20231130233450.png) ### 导出录制到web目录 ``` POST /api/jolokia/ HTTP/1.1 @@ -777,3 +777,10 @@ Content-Length: 159 ![](./assets/20231130233835.png) +## 漏洞来源 +- https://l3yx.github.io/2023/11/29/Apache-ActiveMQ-Jolokia-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E-CVE-2022-41678-%E5%88%86%E6%9E%90/ + +## payload +本地搭建源码,环境配置不正确,无法调试代码,payload是搜索GitHub关键字找到的 +- https://github.com/gradle/gradle-profiler/blob/2eb14e031fbd48203fb05b28183decd1ee2304de/src/main/resources/org/gradle/profiler/jfr/openjdk.jfc#L4 +
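Review bot: In the `@@ -35,7 +35,7 @@` hunk, the context heading `#### 写入payload` sits one level below the sibling step `### 导出录制到web目录` visible in the next hunk. Since this change already reworks the lines directly under that heading, bring both step headings to the same level. The fence that opens right after the new blank line also has no language tag; tagging it (for example `http`) would give the request syntax highlighting.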
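Review bot: In the `@@ -714,7 +714,7 @@` hunk, the relocated `![](./assets/20231130233450.png)` now sits directly between the closing fence and `### 导出录制到web目录` with no blank line on either side, because the `+` line replaces the blank separator instead of being added next to it. Keep an empty line before the heading, and ideally one after the fence, so that renderers which need blank-line separation do not run the image and the heading together. The image also still has empty alt text; a short description of what the screenshot shows would help when the asset does not load.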
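Review bot: In the `@@ -777,3 +777,10 @@` hunk, the new `## payload` section says the payload was not confirmed by debugging and was found through a GitHub keyword search, yet the linked `openjdk.jfc#L4` in gradle-profiler is given only as a bare URL. State that it is a JFR configuration template from an unrelated project and which request in this write-up it was adapted for, so readers can judge the provenance and do not mistake that repository for the origin of the issue. The two new headings are level 2 while the steps above use `###` and `####`, and the hunk ends with a trailing empty `+` line that can be dropped.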