A bug was reported to the target and it took about an hour to bypass the WAF. It would be beneficial to provide more details about the specific vulnerability type and WAF vendor for a more in-depth analysis.
For more details, check out the original tweet here: https://twitter.com/tabaahi_/status/1787572256752992642