
VAPTs

Expertise in Enterprise Level Security Assessments. *(2024 stats)



Security Issues

We've found security vulnerabilities which have high impact on infrastructure. *(2024 stats)



Apps & Publications

Actively engaged in innovative security research and other development projects.

$ whoami_

zyenra is the personal cybersecurity practice of Ravindu Wickramasinghe, a security engineer specializing in offensive security, exploit development, and vulnerability assessments. I provide in-depth penetration testing, technical audits, and security architecture reviews, with a focus on identifying critical risks and delivering actionable results. I work closely with organizations to design tailored solutions that integrate seamlessly into their infrastructure, ensuring robust protection without hindering progress. My approach combines expert technical knowledge with a deep understanding of evolving threats and industry standards, offering effective, real-world security strategies that align with your business needs.

highlights

Recent

Highlights of recent developments and published work.

Publications

Recent Activities
CVE-2024-42640 - Unauthenticated RCE via Angular-Base64-Upload

angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploiting this vulnerability allows an attacker to upload arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint. This leads to the execution of the previously uploaded content and ultimately enables the attacker to achieve code execution on the server.
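
An added example (not code from the advisory or from the angular-base64-upload project): a defender-side audit that walks a deployed web root, finds bundled copies of the package, and reports whether the version is prior to v0.1.21 and whether `demo/server.php` or files under `demo/uploads` are present on disk. It assumes each copy ships a `package.json` with `name` and `version` fields; the function names are illustrative.

```python
import json
import sys
from pathlib import Path

PKG = "angular-base64-upload"
FIXED = (0, 1, 21)  # versions prior to v0.1.21 are affected, per the advisory text

def parse_version(text):
    """Turn '0.1.20' or 'v0.1.20' into a comparable tuple; None if malformed."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("v").split("."))
    except (AttributeError, ValueError):
        return None

def list_uploads(pkg_dir):
    """Names of files sitting in demo/uploads (empty if the directory is absent)."""
    uploads = pkg_dir / "demo" / "uploads"
    if not uploads.is_dir():
        return []
    return sorted(p.name for p in uploads.iterdir() if p.is_file())

def audit(root):
    """Return one finding per copy of the package found under root."""
    findings = []
    for manifest in Path(root).rglob("package.json"):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: not identifiable
        if not isinstance(meta, dict) or meta.get("name") != PKG:
            continue
        pkg_dir = manifest.parent
        version = parse_version(meta.get("version", ""))
        findings.append({
            "path": str(pkg_dir),
            "version": meta.get("version"),
            # A missing or malformed version is treated as affected (fail closed).
            "affected_version": version is None or version < FIXED,
            "demo_endpoint_present": (pkg_dir / "demo" / "server.php").is_file(),
            "uploaded_files": list_uploads(pkg_dir),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(json.dumps(finding))
```

A copy that is flagged with `demo_endpoint_present` and a non-empty `uploaded_files` list is worth reviewing alongside the web server's access logs for that path.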

CVE-2024-57514 - XSS in TP-Link A20 v3 Router

The TP-Link Archer A20 v3 Router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL.