In the script you can see a code similar to the following:
http://go.cuevana.tv/[ELIMINADO]http://sitio-dañino.blogspot.com/
In this URL, the deleted part corresponds to the name of the PHP that performs the redirection to the indicated site and, by not being correctly validated, allows to deceive the user into thinking that he will enter Cuevana when in fact he will be redirected to the harmful site.
These types of vulnerabilities, as we have shown several times are used by criminals and even the NBA site has been used for this purpose.
As this vulnerability is also being used by criminals actively in Facebook applications, from Segu-Info we have already informed Cuevana to proceed to solve the problem.
Update 18:00: The vulnerability has already been fixed.
Cristian from the Segu-Info Newsroom
Leave your comment