Lab Vulnerabilities
Stored XSS in Tweets
Tweet text is assigned to innerHTML without escaping, so markup saved in a tweet executes for every user who views it. Test payload: <img src=x onerror=alert(document.cookie)>
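Added example, not the lab's own code: the tweet-rendering path as pure string functions so it runs in Node without a DOM. The unsafe function produces exactly the markup that `el.innerHTML = tweet.text` would parse; the hardened version escapes every untrusted field first. The tweet object, the CSS class and the function names are constructed for the example; in a real page the equivalent fix is `el.textContent = tweet.text`.

```javascript
// Constructed sample tweet carrying the payload from the lab note.
const storedTweet = {
  user: "mallory",
  text: "<img src=x onerror=alert(document.cookie)>",
};

// Vulnerable: tweet text is interpolated straight into markup, which is what
// `el.innerHTML = tweet.text` does. The browser creates the <img>, the load
// fails, and the onerror handler runs in the viewer's session.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><b>${tweet.user}</b>: ${tweet.text}</div>`;
}

// Escape the five characters that can change HTML context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every untrusted field is escaped, so the payload renders as
// literal text and no element or event handler is created.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><b>${escapeHtml(tweet.user)}</b>: ${escapeHtml(tweet.text)}</div>`;
}

// Quick check for the demo: does the rendered markup still contain an <img> tag?
function containsImgTag(html) {
  return /<img\b/i.test(html);
}

console.log("unsafe:", renderTweetUnsafe(storedTweet));
console.log("safe:  ", renderTweetSafe(storedTweet));
```

Escaping on output is the right layer: the same stored tweet text may later be placed in an attribute or a JSON response, each of which needs its own encoding, so a single "sanitise on input" pass is not enough.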
OAuth Token Leak
tw_token is stored in localStorage, which any script running on the origin can read (localStorage has no equivalent of the HttpOnly flag), so the stored XSS above can exfiltrate it with localStorage.getItem('tw_token'). Holding the token in an HttpOnly, Secure cookie would keep it out of reach of injected script.
IDOR on DMs
GET /api/dm/[thread_id] returns whatever thread the path names without checking that the caller is a participant; substituting another user's thread ID returns their messages.
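Added example, not the lab's own code: a minimal handler for the DM thread endpoint in its vulnerable form next to the object-level authorization check that fixes it. The in-memory thread store, the request objects and the session shape (`req.session.user`, assumed to be set server-side from the session cookie) are constructed for the example.

```javascript
// Constructed thread store standing in for the lab's database.
const threads = new Map([
  [101, { id: 101, participants: ["alice", "bob"], messages: ["hi bob"] }],
  [102, { id: 102, participants: ["carol", "dave"], messages: ["secret plans"] }],
]);

// Vulnerable: looks the thread up by the ID in the path and never asks who is
// asking. Any authenticated user can read any thread by changing thread_id.
function getThreadUnsafe(req) {
  const thread = threads.get(Number(req.params.thread_id));
  return thread ? { status: 200, body: thread } : { status: 404 };
}

// Hardened: the identity comes from the server-side session, never from the
// request, and the caller must be a participant of the thread. A 404 is
// returned for both "no such thread" and "not yours" so the endpoint does not
// confirm which thread IDs exist (returning 403 is also defensible but leaks that).
function getThreadSafe(req) {
  const thread = threads.get(Number(req.params.thread_id));
  if (!thread || !thread.participants.includes(req.session.user)) {
    return { status: 404 };
  }
  return { status: 200, body: thread };
}

// Constructed requests: mallory is logged in and edits thread_id to 102;
// carol is a real participant of thread 102.
const attackerRequest = { session: { user: "mallory" }, params: { thread_id: "102" } };
const legitimateRequest = { session: { user: "carol" }, params: { thread_id: "102" } };

console.log("unsafe, attacker:", getThreadUnsafe(attackerRequest).status);
console.log("safe,   attacker:", getThreadSafe(attackerRequest).status);
console.log("safe,   carol:   ", getThreadSafe(legitimateRequest).status);
```

The check has to live in the handler (or a shared data-access layer that takes the caller's identity as a parameter); authenticating the session alone does not help, because the attacker here is a legitimate, logged-in user.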
Password Reset Poisoning
The link in the password reset email is built from the request's Host header, which is not validated. An attacker who requests a reset for a victim's account with a forged Host receives the victim's reset token when the victim clicks the link.
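Added example, not the lab's own code: how the reset link ends up under attacker control when it is built from the Host header, and two ways to fix it, a configured canonical origin or a Host allowlist. The origin, hostnames, token value and request objects are constructed for the example.

```javascript
// Vulnerable: the link uses whatever Host the client sent. With
// "Host: attacker.example" the email sent to the victim points at the
// attacker's server, which logs the token from the query string.
function buildResetLinkUnsafe(req, token) {
  return `https://${req.headers.host}/reset?token=${encodeURIComponent(token)}`;
}

// Hardened, option 1: ignore the request entirely and use the application's
// configured public origin (assumed config value for this example).
const CANONICAL_ORIGIN = "https://twitter-lab.example";
function buildResetLinkSafe(token) {
  const url = new URL("/reset", CANONICAL_ORIGIN);
  url.searchParams.set("token", token);
  return url.toString();
}

// Hardened, option 2: if the service legitimately answers under several
// hostnames, compare Host against an explicit allowlist before using it.
// Reverse proxies often forward the client's value as X-Forwarded-Host too,
// so any such header must be checked the same way or dropped at the proxy.
const ALLOWED_HOSTS = new Set(["twitter-lab.example", "www.twitter-lab.example"]);
function hostIsAllowed(req) {
  const host = (req.headers.host || "").toLowerCase();
  return ALLOWED_HOSTS.has(host);
}

// Constructed poisoned request: the attacker submits the victim's email and a
// forged Host header. The token value is made up for the example.
const poisonedRequest = {
  headers: { host: "attacker.example" },
  body: { email: "victim@example.com" },
};
const token = "c0ffee";

console.log("unsafe link:", buildResetLinkUnsafe(poisonedRequest, token));
console.log("safe link:  ", buildResetLinkSafe(token));
console.log("host allowed:", hostIsAllowed(poisonedRequest));
```

The canonical-origin approach is preferable because it removes the request from the decision altogether; the allowlist is only needed when one deployment really must generate links for more than one public hostname.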