diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md index 7d4d715..1bbbc7e 100644 --- a/CORS Misconfiguration/README.md +++ b/CORS Misconfiguration/README.md @@ -131,7 +131,7 @@ https://trusted-origin.example.com/?xss= ### Vulnerable Example: Wildcard Origin `*` without Credentials If the server responds with a wildcard origin `*`, the browser does never send -the cookies. Howver, if the server does not require authentication, it's still +the cookies. However, if the server does not require authentication, it's still possible to access the data on the server. This can happen on internal servers that are not accessible from the Internet. The attacker's website can then pivot into the internal network and access the server's data withotu
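Review bot: The spelling fix is incomplete for this paragraph: the last visible context line of the hunk still reads "access the server's data withotu", which should be "without", and the context line just above the changed line reads "the browser does never send", which should be "the browser never sends". Since the commit only corrects "Howver" to "However", I'd fold both of these into the same change so the section is cleaned up in one pass.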