
My first thought, before I realized you could actually see the PHP code, was that it was some kind of sanitizing input exploit, maybe SQL injection (with the name or age) or, since the HTML input fields had "length" to go over that.

Once I figured out what to do, it was only a matter of finding the right tool to do it. I didn't realize curl could [edit: --redacted--] (cool!), but I used OWASP ZAP and did a [edit: --redacted--]. Same method, different tool. Btw, thank you for explaining the curl options, I normally don't use curl much, but apparently I should :)

EDIT: Redacted stuff so as not to ruin the fun for others
