diff --git a/README.md b/README.md
index 8184f87..c49a98e 100644
--- a/README.md
+++ b/README.md
@@ -180,7 +180,7 @@
- [WinRAR 代码执行漏洞 (CVE-2018-20250)-POC](https://github.com/Ridter/acefile)|[相关文章](https://research.checkpoint.com/2019/extracting-code-execution-from-winrar/)|[全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250)](https://xlab.tencent.com/cn/2019/02/22/investigating-winrar-code-execution-vulnerability-cve-2018-20250-at-internet-scale/)
- [windows10相关漏洞EXP&POC](https://github.com/nu11secur1ty/Windows10Exploits)
- [shiro rce 反序列 命令执行 一键工具](https://github.com/wyzxxz/shiro_rce)
-- [CVE-2019-1458-Win32k中的特权提升漏洞](https://github.com/unamer/CVE-2019-1458)
+- [CVE-2019-1458-Win32k中的特权提升漏洞【shell可用-Windows提取】](https://github.com/unamer/CVE-2019-1458)
## tools-小工具集合
@@ -282,6 +282,7 @@
- [mssqli-duet-用于mssql的sql注入脚本,使用RID爆破,从Active Directory环境中提取域用户](https://github.com/Keramas/mssqli-duet)
- [【Android脱壳】之一键提取APP敏感信息](https://github.com/TheKingOfDuck/ApkAnalyser)
- [Shiro系列漏洞检测GUI版本-ShiroExploit GUI版本](https://github.com/feihong-cs/ShiroExploit_GUI)
+- [通过phpinfo获取cookie突破httponly](./通过phpinfo获取cookie突破httponly.md)
## 文章/书籍/教程相关
diff --git a/通过phpinfo获取cookie突破httponly.md b/通过phpinfo获取cookie突破httponly.md
new file mode 100644
index 0000000..01629a7
--- /dev/null
+++ b/通过phpinfo获取cookie突破httponly.md
@@ -0,0 +1,36 @@
+### `XSS`代码
+
+```javascript
+
+```
+
+来源:https://www.t00ls.net/thread-55915-1-1.html https://www.t00ls.net/thread-55912-1-1.html
+
+仅作笔记.禁止滥用.
\ No newline at end of file