payload <?php header('X-XSS-Protection: 0');header('Content-Type: text/html;charset=utf-8'); echo preg_replace('/<\w+/'''$_GET['q']) ?>
<?php highlight_string
(file_get_contents(__FILE__true));?>