0+
VAPTs
Expertise in Enterprise Level Security Assessments. *(2024 stats)
0+
Security Issues
We've found security vulnerabilties which have high impact on infrastructrue. *(2024 stats)
0+
Apps & Publications
Actively engaged in innovative security research and other development projects.
$ whoami_
zyenra is the personal cybersecurity practice of Ravindu Wickramasinghe, a security engineer specializing in offensive security, exploit development, and vulnerability assessments.
I provide in-depth penetration testing, technical audits, and security architecture reviews, with a focus on identifying critical risks and delivering actionable results.
I work closely with organizations to design tailored solutions that integrate seamlessly into their infrastructure, ensuring robust protection without hindering progress.
My approach combines expert technical knowledge with a deep understanding of evolving threats and industry standards, offering effective, real-world security strategies that align with your business needs.
Recent
Highlights of Recent developments and Published Work.
Publications
Recent Activities
CVE-2024-42640 - Unauthenticated RCE via Angular-Base64-Upload
angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploiting this vulnerability allows an attacker to upload arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint. This lead to the execution of previously uploaded content and ultimately enable the attacker to achieve code execution on the server
CVE-2024-57514 - XSS in TP-Link A20 v3 Router
The TP-Link Archer A20 v3 Router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL.