diff --git a/network-services-pentesting/pentesting-web/drupal/README.md b/network-services-pentesting/pentesting-web/drupal/README.md
index 8b94200f5..c3d80d2fb 100644
--- a/network-services-pentesting/pentesting-web/drupal/README.md
+++ b/network-services-pentesting/pentesting-web/drupal/README.md
@@ -1,12 +1,12 @@
 # Drupal
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
+Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>
 
-<summary>Podrška HackTricks</summary>
+<summary>Podržite HackTricks</summary>
 
 * Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
 * **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
@@ -53,7 +53,7 @@ Novije instalacije Drupala po defaultu blokiraju pristup datotekama `CHANGELOG.t
 
 #### Registracija
 
-Na _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni:
+U _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni:
 
 ![](<../../../.gitbook/assets/image (328).png>)
 
@@ -69,7 +69,7 @@ Ako zatražite novu lozinku za nepostojeće korisničko ime:
 
 ### Dobijanje broja korisnika
 
-Pristupanjem _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno:
+Pristupajući _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno:
 
 ![](<../../../.gitbook/assets/image (333).png>)
 
@@ -102,9 +102,14 @@ Ako imate pristup Drupal web konzoli, proverite ove opcije da biste dobili RCE:
 [drupal-rce.md](drupal-rce.md)
 {% endcontent-ref %}
 
+## Drupal From XSS to RCE
+Kroz ovu tehniku, moguće je postići **Remote Code Execution (RCE)** u Drupalu putem **Cross-Site Scripting (XSS)**. https://github.com/nowak0x01/Drupalwned
+<br><br>
+**Za detaljnije korake proverite:** https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html
+
 ## Post Exploitation
 
-### Pročitajte settings.php
+### Read settings.php
 ```
 find / -name settings.php -exec grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" {} \; 2>/dev/null
 ```