This tweet highlights the importance of focusing on finding critical security bugs, particularly SQL Injection (SQLi), rather than spending time on Cross-Site Scripting (XSS), which can be automated. It also emphasizes the challenge of bypassing Web Application Firewalls (WAFs) to successfully exploit SQLi vulnerabilities. The tweet encourages security researchers and bug bounty hunters to prioritize identifying impactful vulnerabilities like SQLi and to develop techniques for bypassing different WAF protections. However, the tweet does not provide any specific payloads or technical details about bypassing WAFs. It serves as a reminder to prioritize high-value security bugs and the skill of evading WAF defenses in web security testing.
For more details, check out the original tweet here: https://twitter.com/5hady_/status/1961897984272060508