Merge pull request #292 from paupaulaz/master

Puts the H1 reports at the right place

Account Takeover/README.md

@@ -135,17 +135,16 @@ Refer to **HTTP Request Smuggling** vulnerability page.
     GET http://something.burpcollaborator.net  HTTP/1.1
     X: X
     ```
+    
+Hackerone reports exploiting this bug
+* https://hackerone.com/reports/737140
+* https://hackerone.com/reports/771666
 
 ## Account Takeover via CSRF
 
 1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
 2. Send the payload
 
-Hackerone reports exploiting this bug
-* https://hackerone.com/reports/737140
-* https://hackerone.com/reports/771666
-
-
 ## Account Takeover via JWT
 
 JSON Web Token might be used to authenticate an user.