diff --git a/pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md b/pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md index 4c5a6688..6278c903 100644 --- a/pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md +++ b/pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md @@ -5,6 +5,8 @@ The transformation can be done in the server or in the browser\). The most used frameworks are: **Libxslt** \(Gnome\), **Xalan** \(Apache\) and **Saxon** \(Saxonica\). +In order to exploit this kind of vulnerability you need to be able to store xsl tags in the server side and then access that content. An example of this kind of vulnerability can be found on [https://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/](https://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/) + ## Fingerprint Upload this and take information
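Review bot: The added paragraph after the frameworks sentence states the precondition as "store xsl tags in the server side and then access that content", but it never says that the stored content has to be processed by the XSLT engine when it is accessed. Storing and reading back markup is not sufficient on its own, so the sentence should name the transformation step, for example "store XSL tags on the server side and then have that content processed by the server's XSLT processor". The linked example is a post whose URL is about ESI injection, and the text does not explain how it relates to XSLT. Add a short clause saying which part of that post shows the XSLT case, so readers do not take ESI and XSLT injection to be the same issue. Minor wording: "xsl" should be "XSL", and "in the server side" should be "on the server side".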