[OSCP] XSS (Cross site script)

1. Start Walkthrough VM 1 and replicate the steps learned in this Learning Unit to identify the basic XSS vulnerability present in the Visitors plugin. Based on the source code portion we have explored, which other HTTP header might be vulnerable to a similar XSS flaw?
   -->
2. Start Walkthrough VM 2 and replicate the privilege escalation steps we explored in this Learning Unit to create a secondary administrator account. What is the JavaScript method responsible for interpreting a string as code and executing it?
   --> eval
3. Capstone Lab: Start Module Exercise VM 1 and add a new administrative account like we did in this Learning Unit. Next, craft a WordPress plugin that embeds a web shell and exploit it to enumerate the target system. Upgrade the web shell to a full reverse shell and obtain the flag located in /tmp/. Note: The WordPress instance might show slow responsiveness due to lack of internet connectivity, which is expected.
   -->

1. walkthrough vm1의 xss 관련 헤더 모두 확인해봤는데 해당문제의 의도는 아닌것 같다 

다음에 다시 풀어야 겠다.

3. 이문제의 관건은 wordpress의 plug-in을 사용하는 방법을 알아야한다... 일단 다음문제로..