A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs. JSPs hidden by hideshell.jsp remain accessbile until the next reboot of Tomcat instance.

• Tomcat 7
• Tomcat 8

• Tomcat 源代码调试笔记 - 看不见的 Shell

• Tomcat 源代码调试 - 看不见的 Shell 第二式之隐藏任意 Jsp 文件

• Tomcat 源代码调试 - 看不见的 Shell 第二式增强之无痕

Hideshell.jsp hides JSP files by simply deleting them, while persuading Tomcat into believing that files are still there, thus serving them as usual.