[OSCP] Cross-site script
- 2024. 10. 31.
- Start Walkthrough VM 1 and replicate the steps learned in this Learning Unit to identify the basic XSS vulnerability present in the Visitors plugin. Based on the source code portion we have explored, which other HTTP header might be vulnerable to a similar XSS flaw?

--> I tried going through all of the HTTP headers and it still doesn't work; I'll have to look into this again later..

- Start Walkthrough VM 2 and replicate the privilege escalation steps we explored in this Learning Unit to create a secondary administrator account. What is the JavaScript method responsible for interpreting a string as code and executing it?

--> eval

- Capstone Lab: Start Module Exercise VM 1 and add a new administrative account like we did in this Learning Unit. Next, craft a WordPress plugin that embeds a web shell and exploit it to enumerate the target system. Upgrade the web shell to a full reverse shell and obtain the flag located in /tmp/. Note: The WordPress instance might show slow responsiveness due to lack of internet connectivity, which is expected.

--> Looks like I'll have to study WordPress as well..

I understand XSS to some extent and know how to use it, but it moves straight on to CSRF..