Assignment 1

If you click here, you will see a crude interface to a database file.

Link to the Assignment

Your job is to figure out Mickey Mouse's age.

There are other files in the directory that you need to try to find, but as a clue, one is delete.php which lets you delete a record. One of those deleted could be Mickey Mouse's, so you might need to reset to initial conditions.


There are 5 views, cleverly named view1, view2, ... view5. For each view, figure out how to get Mickey's age. If you can't get a particular view, it's not the end of the world.

When you have figured out each of the views that you successfully exploit, send me an email and tell me Mickey's age and how you accomplished each exploit.

There is a certain possibility of race conditions with this app since everyone can change the database. You are free to copy everything somewhere if you find that easier. Try to do this without looking at the source code, to see how much progress you can make, since attackers typically don't have access to everything.

Zip File