From b7547cc17122054affccef9cb1abbf4ca9574c86 Mon Sep 17 00:00:00 2001
From: paupaulaz <33202324+paupaulaz@users.noreply.github.com>
Date: Sun, 22 Nov 2020 10:52:20 +0100
Subject: [PATCH] Puts the H1 reports at the right place

The HackerOne reports mentioned in this doc are referring to Request Smuggling, not CSRF
---
 Account Takeover/README.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Account Takeover/README.md b/Account Takeover/README.md
index 5c4431b..1f566a1 100644
--- a/Account Takeover/README.md	
+++ b/Account Takeover/README.md	
@@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
     GET http://something.burpcollaborator.net  HTTP/1.1
     X: X
     ```
+    
+Hackerone reports exploiting this bug
+* https://hackerone.com/reports/737140
+* https://hackerone.com/reports/771666
 
 ## Account Takeover via CSRF
 
 1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
 2. Send the payload
 
-Hackerone reports exploiting this bug
-* https://hackerone.com/reports/737140
-* https://hackerone.com/reports/771666
-
-
 ## Account Takeover via JWT
 
 JSON Web Token might be used to authenticate an user.