diff --git a/src/pentesting-web/file-upload/README.md b/src/pentesting-web/file-upload/README.md index 5d37d138b..0f1d9919c 100644 --- a/src/pentesting-web/file-upload/README.md +++ b/src/pentesting-web/file-upload/README.md @@ -164,7 +164,7 @@ Note that **another option** you may be thinking of to bypass this check is to m ### Escaping upload directory via NTFS junctions (Windows) -When uploads are stored under per-user subfolders on Windows (e.g., C:\Windows\Tasks\Uploads\\) and you control creation/deletion of that subfolder, you can replace it with a directory junction pointing to a sensitive location (e.g., the webroot). Subsequent uploads will be written into the target path, enabling code execution if the target interprets server‑side code. +(For this attack you will need local access to the Windows machine) When uploads are stored under per-user subfolders on Windows (e.g., C:\Windows\Tasks\Uploads\\) and you control creation/deletion of that subfolder, you can replace it with a directory junction pointing to a sensitive location (e.g., the webroot). Subsequent uploads will be written into the target path, enabling code execution if the target interprets server‑side code. Example flow to redirect uploads into XAMPP webroot:
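Review bot: the parenthetical added at the start of the "Escaping upload directory via NTFS junctions (Windows)" paragraph has no terminating punctuation and runs straight into "When uploads are stored...", and "local access" is left unqualified even though the same sentence already states the concrete condition ("you control creation/deletion of that subfolder"). Suggest turning it into its own punctuated prerequisite sentence and tying it to that condition, i.e. that local access to the Windows machine is what allows the per-user subfolder to be replaced with a directory junction, so the two requirements read as one precondition rather than two unrelated ones.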