Score:2

Padding Oracle Attack Example

I am trying to understand a Padding Oracle Attack example. I tried to solve this question but I couldn't figure out the answer.

A 7-byte message is padded per PKCS#5 and encrypted using the CBC mode of operation. The resulting ciphertext is
0x07 06 05 04 03 02 01 01, 0x08 09 0A 0B 0C 0D 0E 0F

Assume an Attacker modified that to
0x07 06 05 04 03 02 00 02, 0x08 09 0A 0B 0C 0D 0E 0F
and observed that the ciphertext was decrypted without any problems.

What is byte 7 of the original message?


What I did so far is separate the blocks as
Block 1: 0x07 06 05 04 03 02 00 02
Block 2: 0x08 09 0A 0B 0C 0D 0E 0F

The modified block is changed at the 7th and 8th byte so the key length should be 7. The XOR operation could be 0x02 xor 0x07 xor ciphertext.

fgrieu
The tentative resolution of this homework is lacking. We can't tell "the key length", it could be e.g. 24 bytes if the block cipher is 3DES. Block size is 8 bytes: the question hints at that, and it's in the formal definition of PKCS#5 padding ([RFC 8018 6.1.1 §4](https://www.rfc-editor.org/rfc/rfc8018.html#section-6.1.1)). If you think "xor 0x07" has to do with that padding, check Wikipedia's [entry on PKCS#5 padding](https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS#5_and_PKCS#7). The [entry on CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) might also help.
fgrieu
Further hints: Since the message is 7 bytes and padded per PKCS#5, what is the size of the padded message, and what are the byte(s) added by padding? What can be deduced about the nature of the first and second 8-byte blocks of the question's "ciphertext"? (Note: CBC mode requires an IV and it must be transmitted somehow.) How do these 2 blocks relate to the padded plaintext? What is the last byte of the deciphered (still padded) message obtained by deciphering per CBC the attacker's modified message? Assuming a maximally stringent PKCS#5 padding check, what must the previous byte be? Conclude.
MariaDb
I think the solution is hidden in the $F^{-1}(c)\oplus\mathsf{IV}$ formula. If the solution was reached when the password was tried by changing the data in the last 2 bytes, the fact that the result is similar when we xor these 2 values to each other gives us how many empty values the data is filled with. I think it can be solved successfully when we xor the given value with 05 and 06 consecutively. Based on this, I made the assumption that the data was filled with 02 02 02 02 in the parts after 6 bytes.
MariaDb
Given ciphertext: 0x07 06 06 05 04 04 03 02 02 01 01, 0x08 09 0A 0B 0C 0D 0E 0F Modified ciphertext: 0x07 06 06 05 04 03 02 00 02, 0x08 09 0A 0B 0C 0D 0E 0F We decrypt ciphertext using CBC mode and PKCS#5 padding, replacing the last two bytes (00 02) of the modified ciphertext to find a faulty padding in the last block: Our initial assumption: The last byte is a real padding byte, we add a padding byte with the same value as the last byte Ciphertext : 0x07 06 05 04 03 02 00 02, 0x08 09 0A 0B 0C 0D 0E 0F Deciphered text assume: 0x07 06 06 05 04 04 03 02 02 01 01, 0x08 09 0A 0B 0C 0D 0E 0F
MariaDb
Since it did not give a padding error on the first try, the last byte is a real padding byte. Using the actual padding byte we found (p =0x01), last block: Last block: 0x01 Previous block encrypted: 0x02 00 02 02 02 02 02 02 02 02 Previous block solved: 0x02 02 02 02 02 02 02 02 02 02 01 Last byte (m[-1]⊕p): 0x01 We decrypt the modified ciphertext using CBC mode and PKCS#5 padding: Ciphertext: 0x07 06 05 04 03 02 00 02, 0x08 09 0A 0B 0C 0D 0E 0F Deciphered text: 0x05 04 03 03 02 01 00 00 00 00, 0x02 02 02 02 02 02 02 02 02 01 (m[-1] XOR C[-2][-1]): 0x 7th byte: (0x00⊕0x02) = 0x02
MariaDb
I am not sure of the answer and steps, of course.
fgrieu
I can't follow the reasoning, and in particular the statement that 00 02 is the last two bytes of the modified ciphertext, when these seem to be 0E 0F. In any case, 0x02 is not the correct result. That's too long a discussion for comments, but you can [continue in chat](https://chat.stackexchange.com/rooms/145933/discussion-on-question-by-mariadb-padding-oracle-attack-example).
kelalaka
[Bit Flipping Attack on CBC Mode](https://crypto.stackexchange.com/q/66085/18298)
Score:1

Here is a guide to this homework:

  1. We are told that "a 7-byte message is padded per PKCS#5". What does that perform? Name the outcome "padded message" and denote it $P$. What is the length of $P$? What byte(s) have been added to the plaintext to form $P$ according to PKCS#5 padding? Therefore, what's the last byte of $P$?
  2. We see that the question gives the "ciphertext" as two blocks of 8 bytes. We need to make sense of that, for it does not match the length in step 1. Since this is CBC, we understand that the first block is actually the Initialisation Vector (IV), and the second block is the one block of actual ciphertext. Denote by $\mathsf{IV}$ the first block, and by $C$ the second block (the first and only block of ciphertext that carries information about the message).
  3. Given how CBC works, what is the equation linking $\mathsf{IV}$, $P$, $C$, and the function $F$ performing block encryption (under whatever key is used, that we can't know; $F$ could for example be 3DES)?
  4. When the attacker modifies the "ciphertext", what does it actually change? Express that change as XOR with an 8-byte constant $\Delta$, and determine $\Delta$ explicitly.
  5. Name $P'$ the padded message after CBC decryption. Using the equation of step 3, what's the equation linking $P$, $P'$, $\Delta$?
  6. What's thus the last byte of $P'$?
  7. We are told that "the ciphertext was decrypted without any problems", which includes padding checks. What can we thus deduce about other bytes of $P'$?
  8. Reusing the relation of step 5, what can we deduce about $P$? Conclude.

Clarifying the question's notation (already in the revised original): `0x` is to indicate hexadecimal notation in the 8 bytes that follow (8 blocks of 2 hexadecimal characters separated by one space). The `,` is to visually separate 8-byte blocks among the flow of bytes physically sent to the legitimate receiver.

Summary of PKCS#5 padding: its objective is to prepare the plaintext, consisting of some arbitrary number of bytes (here, 7 bytes), for CBC encryption using a block cipher with 8-byte blocks. That requires transforming the plaintext into a padded plaintext of size a multiple of 8 bytes. This is performed by appending from 1 to 8 byte(s) to the message, such that the number of bytes added satisfies the requirement that the padded message has size a multiple of 8 bytes. The value of each byte added is the number of bytes added.
On decryption, PKCS#5 prescribes to check the padding: the last byte must be from 01 to 08, which tells the total number of padding bytes, and (when that's 2 to 8) the other padding bytes are (per PKCS#5 6.1.2 §5) checked to be equal to the last padding byte. These 1 to 8 padding byte(s) are removed in order to recover the plaintext with its original length.

fgrieu
Please follow up [there](https://chat.stackexchange.com/rooms/145933/discussion-on-question-by-mariadb-padding-oracle-attack-example).
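
The steps of the guide can be checked by simulation: changing the IV by a constant changes the decrypted padded block by the same constant, whatever $F$ is, and the strict PKCS#5 check then acts as the oracle. This is an added example, not part of the original answer; `F`, `KEY` and the six-byte message prefix are constructed stand-ins (the real cipher, key and message are unknown), while `IV` and `IV_MOD` are the first blocks given in the question.

```python
BLOCK = 8  # block size implied by PKCS#5

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(msg: bytes) -> bytes:
    """PKCS#5: append n bytes of value n, with 1 <= n <= 8."""
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad_strict(padded: bytes) -> bytes:
    """Strict check: every padding byte must equal the last byte."""
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]

KEY = bytes.fromhex("a55a3cc3962d4b7e")  # constructed toy key

def F(block: bytes) -> bytes:
    """Toy invertible stand-in for the unknown block cipher (not secure)."""
    x = xor(block, KEY)
    return x[3:] + x[:3]

def F_inv(block: bytes) -> bytes:
    return xor(block[-3:] + block[:-3], KEY)

def encrypt(iv: bytes, msg: bytes) -> bytes:
    """CBC encryption of a message that pads to one block: C = F(P xor IV)."""
    return F(xor(pad(msg), iv))

def receiver_accepts(iv: bytes, c: bytes) -> bool:
    """True when CBC decryption followed by the padding check succeeds."""
    try:
        unpad_strict(xor(F_inv(c), iv))
        return True
    except ValueError:
        return False

IV = bytes.fromhex("0706050403020101")      # first block in the question
IV_MOD = bytes.fromhex("0706050403020002")  # attacker's modified first block
DELTA = xor(IV, IV_MOD)                     # the constant of step 4

def accepted_byte7(prefix: bytes = bytes(6)) -> list:
    """Values of message byte 7 for which the modified message is accepted."""
    return [b7 for b7 in range(256)
            if receiver_accepts(IV_MOD, encrypt(IV, prefix + bytes([b7])))]

if __name__ == "__main__":
    print("delta =", DELTA.hex(" "))
    print("accepted byte 7:", [hex(b) for b in accepted_byte7()])
```

Swapping in a different `KEY` or `prefix` leaves the result unchanged, which is the point of steps 5 to 8: the receiver's accept/reject decision depends only on the padded plaintext and the change made to the IV.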