pcx feedback

patriciasantaana · patriciasantaana · commit 00fb42c5b791 · 2025-10-10T11:26:09.000-07:00
diff --git a/src/content/docs/api-shield/security/bola-vulnerability-detection.mdx b/src/content/docs/api-shield/security/bola-vulnerability-detection.mdx
@@ -41,7 +41,7 @@ The BOLA enumeration label requires an endpoint to have seen at least 10,000 ses
 
 ## Parameter pollution
 
-Cloudflare detects anomalies where one or more successful requests containing a value in an expected path, query string or header have that value duplicated in an unexpected, similar location.
+Cloudflare detects anomalies where one or more successful requests containing a value in an expected path, query string, header, or cookie have that value duplicated in an unexpected, similar location.
 
     This behavior may be indicative of attackers trying to confuse the API's authorization system and bypass security controls.
 
@@ -50,7 +50,7 @@ Cloudflare detects anomalies where one or more successful requests containing a
 
     - **Normal behavior**: `orderId` sent in a path variable like `GET /api/v1/orders/12345`
     - **Attacker behavior**: `orderId` is also sent as a query parameter, triggering old, undocumented code that looks for orders in the query parameter and happens to lack an authorization check: `GET /api/v1/orders/12345?orderId=67890`
-    - **Result**: By passing in a bogus order or an order that the attacker owns (`12345`), they are able to trigger the old, undocumented code and access an order that they do not own (`67890`)
+    - **Result**: By passing in a fake order or an order that the attacker owns (`12345`), they are able to trigger the old, undocumented code and access an order that they do not own (`67890`)
 </Details>
 
 ## Process
