Last week, recently discovered SharePoint weaknesses captured a significant portion of our focus. It is reasonable to conclude that last Monday (July 21st), all vulnerable SharePoint installations that were exposed were compromised. Naturally, there is nothing stopping repeated exploitation of the same instance, and it is likely that occurred frequently. However, why exploit it personally if you can merely utilize the backdoors left by earlier attacks? Many of these backdoors were highly publicized. The first backdoor, “spinstall0.aspx,” was often seen, and Microsoft documented several variations of this filename [1].