This tweet discusses a situation where a security researcher or attacker has identified a possible SQL injection (SQLi) vulnerability in a target website. However, the target is protected by Cloudflare WAF (Web Application Firewall), which is intended to block malicious payloads. The tweet suggests that there are methods to entirely bypass Cloudflare's firewall to deliver the SQLi payload successfully. Furthermore, the referenced article explains how to discover the original IP address of a target website that is behind popular Content Delivery Networks (CDNs) such as Cloudflare. Identifying the origin IP allows sending malicious payloads directly to the server, bypassing the WAF protections provided by the CDN. This technique is crucial because WAFs at the CDN level like Cloudflare often filter out or block attack payloads. By finding the real IP of the backend server, attackers can circumvent these defenses and exploit vulnerabilities such as SQL injection successfully. The article likely provides several approaches and techniques for uncovering the real IPs, which could involve DNS history, subdomain enumeration, or other reconnaissance steps. This knowledge lets penetration testers or attackers bypass Cloudflare's defenses and test or exploit the SQLi issue without the interference of the WAF.