Expanded Vulnerability Surface: IDOR, XSS, and CSRF Flags

@kOaDT kOaDT released this 22 Dec 23:09
· 128 commits to main since this release

v1.3.0

This release expands the security training surface of OSS OopsSec Store by introducing new exploitable vulnerabilities, each leading to a dedicated flag.

Added

  • IDOR flag

    • Introduces an Insecure Direct Object Reference vulnerability.
    • Allows attackers to access unauthorized resources by manipulating identifiers.
  • XSS flag

    • Adds a Cross-Site Scripting vulnerability.
    • Demonstrates client-side code injection and its potential impact.
  • CSRF flag

    • Introduces a Cross-Site Request Forgery vulnerability.
    • Highlights the risks of missing or misconfigured CSRF protections.

Changed

  • Removed a useless MD5 reference from the news page.

Notes

All vulnerabilities are intentionally introduced for educational purposes and must never be used in production environments.