<html>
<?php
header('Content-Type: text/html; charset=UTF-8');
header('X-XSS-Protection: 0');
highlight_string(file_get_contents(__FILE__, true));
$x=$_GET['x'];
$x=str_ireplace('$','',$x); // Use it to bypass WAF,I know it's annoying but I can't disable it :P
$x=str_ireplace('<','BLOCKED',$x);
$x=str_ireplace('>','BLOCKED',$x);
$x=str_ireplace('onclick','BLOCKED',$x);
$x=str_ireplace('onmouseover','BLOCKED',$x);
$x=str_ireplace('onmouseout','BLOCKED',$x);
$x = mb_convert_case($x, MB_CASE_LOWER);
echo '<a id=x href=lol?id='.$x.'>AutoClick</a>';
?>
<script>
//Lets click the above link to redirect automatically
document.getElementById("x").click();
</script>
</html>
AutoClick