Update cookie-tossing.md

2024-11-21 20:23:18 +00:00 · 2024-04-03 16:33:05 -04:00 · 2024-04-03 16:33:05 -04:00 · f8739577fd
commit f8739577fd
parent c412e06585
1 changed files with 1 additions and 1 deletions
--- a/pentesting-web/hacking-with-cookies/cookie-tossing.md
+++ b/pentesting-web/hacking-with-cookies/cookie-tossing.md
@ -28,7 +28,7 @@ This can be dangerous as the attacker may be able to:

 * **Fixate the cookie of the victim to the attacker's account** so if the user doesn't notice, **he will perform the actions in the attacker's account** and the attacker may obtain some interesting information (check the history of the searches of the user in the platform, the victim may set his credit card in the account...)
 * If the **cookie doesn't change after login**, the attacker may just **fixate a cookie (session-fixation)**, wait until the victim logs in and then **use that cookie to log in as the victim**.
-  * Sometimes, even if the session cookies changes, the attacker use the previous one and he willr receive the new one also.
+  * Sometimes, even if the session cookies changes, the attacker use the previous one and he will receive the new one also.
 * If the **cookie is setting some initial value** (like in flask where the **cookie** may **set** the **CSRF token** of the session and this value will be maintained after the victim logs in), the **attacker may set this known value and then abuse it** (in that scenario, the attacker may then make the user perform a CSRF request as he knows the CSRF token).
  * Just like setting the value, the attacker could also get an unauthenticated cookie generated by the server, get the CSRF token from it and use it.