diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md
index e07b771a6..a1aa426cf 100644
--- a/pentesting-web/ssti-server-side-template-injection/README.md
+++ b/pentesting-web/ssti-server-side-template-injection/README.md
@@ -810,15 +810,40 @@ Even if it's perl it uses tags like ERB in Ruby.
<% perl code %>
```
-### Method Confusion in GO
+### SSTI in GO
-It's possible to **call methods of the object** that is passed to the context of the template.\
-For example if an object has the method `System` to execute a command or the method `File` to read a file you could achieve **RCE** o **read arbitrary files** with:
+The way to confirm that the template engine used in the backed is Go you can use these payloads:
-* `{{.System "whoami"}}`
-* `{{.File "/etc/passwd}}`
+* `{{ . }}` = data struct being passed as input to the template
+ * If the passed data is an object that contains the attribute Password for example, the previous payload would leak it, but you could also do: `{{ .Password }}`
+* `{{printf "%s" "ssti" }}` = should output the string ssti in the response
+* `{{html "ssti"}}`, `{{js "ssti"}}` = These are a few other payloads which should output the string "ssti" without the trailing words "js" or "html". You can refer to more keywords in the engine [here](https://golang.org/pkg/text/template).
-More information in the original research [https://www.onsecurity.io/blog/go-ssti-method-research/](https://www.onsecurity.io/blog/go-ssti-method-research/)
+#### XSS exploitation
+
+If the server is **using the text/template** package, XSS is very easy to achieve by **simply** providing your **payload** as input. However, that is **not the case with html/template** as itHTMLencodes the response: `{{""}}` **** --> `<script>alert(1)</script>`
+
+However, Go allows to **DEFINE** a whole **template** and then **later call it**. The payload will be something like:\
+`{{define "T1"}}{{end}} {{template "T1"}}`
+
+#### RCE Exploitation
+
+The documentation for both the html/template module can be found [here](https://golang.org/pkg/html/template/), and the documentation for the text/template module can be found [here](https://golang.org/pkg/text/template/), and yes, they do vary, a lot. For example, in **text/templat**e, you can **directly call any public function with the “call” value**, this however, is not the case with html/template.
+
+If you want to find a RCE in go via SSTI, you should know that as you can access the given object to the template with `{{ . }}`, you can also **call the objects methods**. So, imagine that the **passed object has a method called System** that executes the given command, you could abuse it with: `{{ .System("ls") }}`\
+Therefore, you will probably **need the source code**. A potential source code for something like that will look like:
+
+```go
+func (p Person) Secret (test string) string {
+ out, _ := exec.Command(test).CombinedOutput()
+ return string(out)
+}
+```
+
+#### More information
+
+* [https://blog.takemyhand.xyz/2020/05/ssti-breaking-gos-template-engine-to.html](https://blog.takemyhand.xyz/2020/05/ssti-breaking-gos-template-engine-to.html)
+* [https://www.onsecurity.io/blog/go-ssti-method-research/](https://www.onsecurity.io/blog/go-ssti-method-research/)
### More Exploits