The tweet discusses an issue commonly encountered when testing for SQL injection vulnerabilities with automated tools such as SQLMap. Sometimes the tool fails to discover a vulnerability because a Web Application Firewall (WAF) is in place: the WAF detects and blocks the injection attempts, so the test results are inconclusive. That does not necessarily mean the vulnerability is absent. With the correct WAF bypass techniques, it is still possible to find and exploit the SQL injection vulnerability despite the WAF's protection. This highlights the importance of understanding both vulnerability detection tools and WAF bypass methods when performing security assessments.
Check out the original tweet here: https://twitter.com/JustWantToQ1/status/1974923404718297149