[Facebook] Disclose hidden Page address/location

 

A Page can hide it's address/location to public view. But by making an API request, this could have been leaked.

POC -

Go to API Explorer and add "target_page_id?fields=single_line_address" as query and make the request.

User access_token was required in this call.

This would result the address and location of the Page.

Timeline -

Reported - Sunday, July 1, 2018

Marked Duplicate - Tuesday , July 17, 2018

This is now fixed.