diff --git a/pentesting-web/hacking-with-cookies/cookie-tossing.md b/pentesting-web/hacking-with-cookies/cookie-tossing.md
index 805453a4b..68f106aa4 100644
--- a/pentesting-web/hacking-with-cookies/cookie-tossing.md
+++ b/pentesting-web/hacking-with-cookies/cookie-tossing.md
@@ -19,7 +19,7 @@
 
 ## Description
 
-If an attacker can **control a subdomain of the domain of a company or finds an XSS in a subdomain** he will be able to perform this attack.
+If an attacker can **control a subdomain or the domain of a company or finds an XSS in a subdomain** he will be able to perform this attack.
 
 As it was indicated in the Cookies Hacking section, when a **cookie is set to a domain (specifying it) it will be used in the domain and subdomains.**