diff --git a/src/pentesting-web/http-request-smuggling/README.md b/src/pentesting-web/http-request-smuggling/README.md
index 40f0902fa..933b2ead3 100644
--- a/src/pentesting-web/http-request-smuggling/README.md
+++ b/src/pentesting-web/http-request-smuggling/README.md
@@ -380,7 +380,7 @@ If you’re targeting browser-powered/client-side desync, the malicious request
 For background and end-to-end workflows:
 
 {{#ref}}
--browser-http-request-smuggling.md
+browser-http-request-smuggling.md
 {{#endref}}
 
 ### Tooling to help decide