[Facebook] Bypassing "Membership requests from Pages"

 Any Page could have joined a Group when "Membership requests from Pages" is set to Disallowed.


A Group member will make the following request -


POST /ajax/groups/members/add_post/?dpr=1 HTTP/1.1

Host: www.facebook.com



Here the "members[0]=" value could be changed to a Page's ID which he wanted to invite.

If this request was made by the Mod of a Group, no notification was sent to the Admin for Membership approval.

Timeline -

Reported - Sunday, November 18, 2018

Marked as Duplicate - Wednesday, November 21, 2018

This is fixed now.