A Web Application Firewall (WAF) is actively filtering out both single quotes (') and double quotes ("). The filter can be bypassed with a payload like <script>alert(1)</script>, which does not rely on quotes for injection. It is important to understand the filtering mechanism of the WAF and craft payloads accordingly to evade detection. For more technical details on bypassing this specific WAF, refer to our blog post.
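Why a quote-only filter leaves this input intact, shown next to HTML output encoding on the application side. This is an added example, not code from the original tweet or blog post: `stripQuotes` is a hypothetical model of the filter described above, and the sample inputs are constructed apart from the payload already quoted.

```javascript
// Hypothetical model of the filter described above (an assumption about
// its behaviour): it removes ' and " and nothing else.
function stripQuotes(input) {
  return String(input).replace(/['"]/g, "");
}

// HTML-body output encoding: every character that can open markup or
// close an attribute value is replaced by an entity.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// True when a raw "<" followed by a tag name survived, i.e. a browser
// would still parse part of the string as an element.
function hasLiveMarkup(html) {
  return /<\/?[a-zA-Z]/.test(html);
}

// Run each sample through both defences and record what survives.
function compareDefences(samples) {
  return samples.map((s) => ({
    input: s,
    filtered: stripQuotes(s),
    filterLeavesMarkup: hasLiveMarkup(stripQuotes(s)),
    encoded: escapeHtml(s),
    encodingLeavesMarkup: hasLiveMarkup(escapeHtml(s)),
  }));
}

// Constructed samples: the payload quoted on the page plus benign text.
const SAMPLES = [
  "<script>alert(1)</script>",
  'She said "hi" & left',
  "O'Brien",
];

const results = compareDefences(SAMPLES);
for (const r of results) console.log(r);
```

The filter also damages legitimate input such as names with apostrophes, while encoding at output preserves the text and removes the markup.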
Check out the original tweet here: https://twitter.com/drpday/status/1931735655253455171