地址:http://challenge.onebox.so.com/
1.referrer or host
2.js decode
3.urldecode, ASCII
4.JFIF * 2
5.google search.http://c.shellsec.com/spy.html
6. .swp
7.weak password
8.orz... http://bbs.byr.cn/#!article/Security/37534?p=7
9. svg vulnerability : http://zone.wooyun.org/content/2202 + 《白帽子讲Web安全》 跨站脚本攻击 3.2.1 XSS Payload
10. set-cookie expires + ThinkPHP的Ubb标签漏洞读取随意内容
-------
通关!
