360-A-Team/HideShell: A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.
2019-03-31 16:01:31
Author: github.com(查看原文)
阅读量:304
收藏
Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign up
A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.
A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs. JSPs hidden by hideshell.jsp remain accessbile until the next reboot of Tomcat instance.
Environments tested
How it works?
TL;DR
Hideshell.jsp hides JSP files by simply deleting them, while persuading Tomcat into believing that files are still there, thus serving them as usual.
文章来源: https://github.com/360-A-Team/HideShell
如有侵权请联系:admin#unsafe.sh