callback{}<img src=x> issues

Results 3 issues of


                                            callback{}<img src=x>

http://layuimini.99php.cn/onepage/v2/index.html#/page/a../../../../../onepage/v2/images/logo.png 如果后面的图片是用户恶意上传的html 即使后缀是图片格式依然可以触发xss吧

good job for collect cname ! but when i test azureedege.net ,it seems like to verify the domain by txt record when i add some domain to take over .

如何获得自己bilbili账号的access_token