FreightManifest
Aerotrust Supply's parts catalog has been answering the same way since 1999. The wrapper around it has changed; the voice on the page hasn't.
The Scenario
Aerotrust's catalog backend dates back to a 1999 migration off a homegrown FoxPro setup. The PHP front-end was wrapped around it the same year. The underlying storage was quietly swapped out in 2014 for cost reasons, but the team kept the legacy response surface untouched — partly because the procurement team's tooling scrapes that text and complains when the format changes, partly because nobody owns that page anymore. The label on the tin and what's inside the tin haven't matched for over a decade.
Challenge Intel
Synopsis
An aviation-parts catalog returns Oracle-styled errors but actually runs on MySQL. Find the flag in an internal notes table by following the UNION across.
What It Is
Aerotrust Supply is a B2B aviation parts wholesaler running its catalog on a stack that was last revisited in 2014. The catalog's part-number lookup at /lookup.php concatenates the URL parameter directly into a SELECT. Error display was customized to look like Oracle's responses because the procurement team's tooling expects that format. The lesson here is that database fingerprinting via error syntax is not always trustworthy. Players who reach for Oracle-specific payloads (v$version, dual, all_tables) will find the syntax works — because the server-side query interpreter (MySQL) is lenient enough to accept the classic UNION extraction pattern regardless of the apparent dialect.
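As an added illustration (not the challenge's own code, nor anything from Aerotrust), here is the shape of the /lookup.php defect the description refers to, placed beside a parameterized version that also stops leaking the database's error text; the table and column names, the `part` query parameter and the connection details are assumptions:

```php
<?php
// Added example, not the challenge's own code. Table/column names,
// the `part` query parameter and the connection details are assumed.
declare(strict_types=1);

// Make mysqli throw on SQL errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'catalog_ro', 'REDACTED', 'aerotrust');
$db->set_charset('utf8mb4');

// Vulnerable shape: the request parameter is spliced into the SELECT, so
// the database parses attacker-controlled text as SQL, not as a value.
function lookupUnsafe(mysqli $db, string $partNumber): array
{
    $sql = "SELECT part_number, description, stock FROM parts "
         . "WHERE part_number = '" . $partNumber . "'";
    // Any syntax error raised here carries MySQL's wording, whatever
    // costume the page later paints over it.
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Hardened shape: a prepared statement sends the value separately from
// the SQL text, so quotes and UNION in the input are never treated as syntax.
function lookupSafe(mysqli $db, string $partNumber): array
{
    $stmt = $db->prepare(
        'SELECT part_number, description, stock FROM parts WHERE part_number = ?'
    );
    $stmt->bind_param('s', $partNumber);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Error handling: never echo the driver's message (in any dialect's
// styling) to the client; log it server-side and return a fixed response.
$part = (string) ($_GET['part'] ?? '');
try {
    $rows = lookupSafe($db, $part);
} catch (mysqli_sql_exception $e) {
    error_log('lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Lookup unavailable');
}
header('Content-Type: application/json');
echo json_encode($rows);
```

The fingerprinting lesson cuts both ways for defenders: restyling error text hides nothing from a tester who probes behaviour rather than wording, while the parameterized query plus a generic error response removes both the injection and the disclosure.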
Who It's For
Players who want practice on the 'identify the database' step of SQLi recon — and the realization that fingerprints can be set-dressing.
Skills You'll Practice
- Database version disclosure via error display
- Recognizing custom-styled errors as a fingerprinting trap
- Oracle-flavored UNION SELECT syntax (with the FROM dual idiom)
- Cross-table UNION extraction from internal-only tables
What You'll Gain
- Caution around database-fingerprinting heuristics
- Oracle SQLi muscle memory even without a real Oracle backend
Ready to hack FreightManifest?
Upgrade to Pro to unlock this challenge and the full library.