by voyou 4573 days ago
"Twitter requires clients to ask for the DM permission before they can send DMs"

Perhaps it should, but it doesn't - apps can use the normal API to send DMs without asking for the special DM permission. So the use of the "d" command through the API isn't a vulnerability (it doesn't let anyone do anything they aren't supposed to be able to do), even if it is weird.