diff --git a/pentesting-web/xxe-xee-xml-external-entity.md b/pentesting-web/xxe-xee-xml-external-entity.md
index d08f86571..e9f92c555 100644
--- a/pentesting-web/xxe-xee-xml-external-entity.md
+++ b/pentesting-web/xxe-xee-xml-external-entity.md
@@ -133,7 +133,7 @@ In **java** based applications it might be possible to **list the contents of a
 
 ### SSRF
 
-An XXE could also bu used to abuse a SSRF inside a cloud
+An XXE could be used to abuse a SSRF inside a cloud
 
 ```markup
 <?xml version="1.0" encoding="UTF-8"?>
@@ -143,7 +143,7 @@ An XXE could also bu used to abuse a SSRF inside a cloud
 
 ### Blind SSRF
 
-Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that cause you could try using **XML parameter entities**:
+Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that case you could try using **XML parameter entities**:
 
 ```markup
 <?xml version="1.0" encoding="UTF-8"?>