XSS using DOM clobbering and the browser's anti-XSS. Redis injection and PHP disable_functions bypass.
I don't remember