Research

This research blog features a collection of original security research, including security advisories, CTF writeups, and technical blog posts on cyber security written by Ravindu Wickramasinghe. Everything published here is based on hands-on work and personal study, intended to document methods, share insights, and contribute to the broader security community.

By Ravindu Wickramasinghe | rvz

Disclaimer: All blog posts and PoC exploits listed here and on the GitHub profile are for educational and authorized testing only. The author is not responsible for any misuse or illegal activity. Use at your own risk.

Security Advisories

JWT Verification Bypass in Netmaker Allows Unauthenticated Access to Host Endpoints

A critical authentication bypass in the VerifyHostToken function in Netmaker < 1.5.0. The function fails to check the token.Valid field after JWT parsing, accepting forged tokens signed with any key. This allows unauthenticated attackers to impersonate any host and extract sensitive credentials.

CVE-2025-62719 - LinkAce Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

The htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource.

CVE-2025-62720 - LinkAce - Data Exfiltration via Export Functions Allowing Access to All Users' Private Links

The export functionality in the ExportController class allows any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners.

CVE-2025-62721 - LinkAce Authorization Bypass Allowing Unauthorized Access to All Private Links, Lists, and Tags via RSS Feed Endpoints

The authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings.

CVE-2025-62722 - LinkAce - Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Functionality

The social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the title field.

CVE-2024-42640 : Unauthenticated Remote Code Execution via Angular-Base64-Upload Library

The angular-base64-upload library, created by Adones Pitogo, is a tool designed to simplify the process of uploading base64-encoded files in Angular applications.

CVE-2024-57514 – XSS in TP-Link A20 v3 Router

The TP-Link Archer A20 v3 Router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface.

CVE-2025-51569 – XSS in LB-Link BL-CPE300M AX300 4G LTE Router

The LB-Link BL-CPE300M router web interface is vulnerable to reflected cross-site scripting (XSS) vulnerability.

CVE-2025-57278 – Improper IP Bound Session Authentication in LB-Link BL-CPE300M AX300 4G LTE Router

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling

Blog Posts

Privilege Escalation via sudo mkdir: Exploiting Bash Completion

A privilege escalation technique discovered during a VAPT engagement. This post documents how misconfigured sudo permissions for mkdir, combined with the mkdir -m flag and bash completion auto-loading, can lead to full root access. This specific technique was not found documented in common privilege escalation resources.