In facebook a user there is a feature in which a user can play games.Can make scores and unlock different kind of achievements.Only his/her friends can see his/her scores and achievements.But with GRAPH API non-friends were also able to view game scores and achievements of any users.
Steps to reproduce:
Graph API App's access token didn't worked so I used Facebook For Android App's Access Token.
Made a GET request to https://graph.facebook.com/v2.10/10001133865325?fields=scores{application,score,user} endpoint.
In the above request 10001133865325 is my test account ID.
In response I got my test accounts game scores.(Not my friend on Facebook)
Again made a GET request to https://graph.facebook.com/v2.10/10001133865325?fields=achievements
Issuing a GET request to above endpoint I gor my test accounts Game Achievements in response.
Timeline: (GMT +0)
Reported: Sunday,June 11,2017 at 1:01am
Escalated:Wednesday,June 14,2017 at 7:32pm
Bounty Awarded:$500 on Wednesday,October 11,2017 at 7:29pm
Fixed:Thursday,October 19,2017 at 5:06pm
Steps to reproduce:
Graph API App's access token didn't worked so I used Facebook For Android App's Access Token.
Made a GET request to https://graph.facebook.com/v2.10/10001133865325?fields=scores{application,score,user} endpoint.
In response I got my test accounts game scores.(Not my friend on Facebook)
Again made a GET request to https://graph.facebook.com/v2.10/10001133865325?fields=achievements
Timeline: (GMT +0)
Reported: Sunday,June 11,2017 at 1:01am
Escalated:Wednesday,June 14,2017 at 7:32pm
Bounty Awarded:$500 on Wednesday,October 11,2017 at 7:29pm
Fixed:Thursday,October 19,2017 at 5:06pm
Comments
Post a Comment