Update nextjs.md

Author: carlospolop

src/network-services-pentesting/pentesting-web/nextjs.md

@@ -1382,9 +1382,9 @@ rg -n "'use server';" -g"*.{js,ts,jsx,tsx}" app/
 - **Next.js stable:** App Router releases 15.0.0–16.0.6 embed the vulnerable RSC stack. Patch trains 15.0.5 / 15.1.9 / 15.2.6 / 15.3.6 / 15.4.8 / 15.5.7 / 16.0.7 include fixed deps, so any build below those versions is high-value.
 - **Next.js canary:** `14.3.0-canary.77+` also ships the buggy runtime and currently lacks patched canary drops, making those fingerprints strong exploitation candidates.
 
-#### Remote detection oracle (react2shell-scanner)
+#### Remote detection oracle
 
-Until a full exploit is public, detection is mostly protocol-based. Assetnote’s [`react2shell-scanner`](https://github.com/assetnote/react2shell-scanner) sends a crafted multipart Flight request to candidate paths and watches server-side behavior:
+Assetnote’s [`react2shell-scanner`](https://github.com/assetnote/react2shell-scanner) sends a crafted multipart Flight request to candidate paths and watches server-side behavior:
 
 - **Default mode** executes a deterministic RCE payload (math operation reflected via `X-Action-Redirect`) proving code execution.
 - **`--safe-check` mode** purposefully malforms the Flight message so patched servers return `200/400`, while vulnerable targets emit `HTTP/500` responses containing the `E{"digest"` substring inside the body. That `(500 + digest)` pair is currently the most reliable remote oracle published by defenders.