This tweet discusses a SQL injection vulnerability in the display.php script, specifically related to bypassing the WAF protections using the ID parameter. The author points out a common mistake teams make, which is checking WAF rules first when investigating or defending against such attacks. They argue that this is the wrong layer to focus on initially. In essence, the message is that securing or examining deeper layers beyond just WAF rules is crucial for effective protection against SQL injection attacks. Understanding that a WAF alone may not catch all bypass attempts, especially via parameters like ID, is important for a comprehensive security approach.
Original tweet: https://twitter.com/EdgeDetectOps/status/2037364147722092853