Facebook Bug Bounty! {Permission Bug}

Hi guys! My name is Ali Tütüncü and I am a security researcher. When I started to bug bounty, I said “I will find a vulnerability on Facebook. This is my goal.”. And I found a vulnerability on 12 Aug 2018.
This is my first write up.
12 Aug 2018
I was searching vulns on facebook 4 days ago. Then, I was bored and started watch “proof of concept videos”. I watched a video and It gave me an idea.
When I went to App’s roles, I saw this permissions:

Tester can’t access app’s insights. Really?

I tried this steps:
- Go to http://developers.facebook.com/apps and create a app.
- Go to https://developers.facebook.com/apps/{App Id}/roles/roles/
- Add a tester.
- Login with your tester account.
- Go to https://www.facebook.com/insights. But I saw nothing. What the?
After a thought, i went to https://facebook.com/analytics/{App Id} and YES! I saw all anaytcis and and I could have edited them.

PoC Video:
Timeline:
Aug. 12, 2018 - Report Triaged
Aug. 15, 2018 - Report Triaged
Aug. 28, 2018 - Issue Fixed
Sept. 05, 2018 - Bounty of $750 Awarded
Follow me on Twitter: https://twitter.com/alicanact60
