diff --git a/Account Takeover/README.md b/Account Takeover/README.md index 5c4431b..1f566a1 100644 --- a/Account Takeover/README.md +++ b/Account Takeover/README.md @@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page. GET http://something.burpcollaborator.net HTTP/1.1 X: X ``` + +Hackerone reports exploiting this bug +* https://hackerone.com/reports/737140 +* https://hackerone.com/reports/771666 ## Account Takeover via CSRF 1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change" 2. Send the payload -Hackerone reports exploiting this bug -* https://hackerone.com/reports/737140 -* https://hackerone.com/reports/771666 - - ## Account Takeover via JWT JSON Web Token might be used to authenticate an user.
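Review bot: The relocated lead-in `+Hackerone reports exploiting this bug` still says "this bug" without naming it, and that ambiguity is how the list ended up under the CSRF section to begin with. Since the line is being touched anyway, name the technique the section covers and end it with a colon, for example "HackerOne reports exploiting HTTP request smuggling:", so the references stay tied to the right section if headings are reordered again. The diff alone does not show that reports 737140 and 771666 concern request smuggling rather than CSRF, so a line in the commit message confirming that would help. Also check that a blank line still separates `2. Send the payload` from `## Account Takeover via JWT` now that both trailing blank lines are removed.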