The tweet mentions the discovery of a SQL injection vulnerability in the mobile number login form. The user tried using SQLmap but it did not work as expected. However, the user successfully bypassed the Web Application Firewall (WAF) and effectively managed load balancing. More information on the WAF vendor is not provided. It would be beneficial to investigate the WAF vendor to understand the specific bypass techniques used.
Check out the original tweet here: