This tweet describes a security testing scenario where a SQL Injection vulnerability was found on a web endpoint. Using the tool sqlmap, the tester discovered a blind time-based SQL injection, which means that the attack does not directly reveal data but causes time delays that indicate whether the injection was successful. The vulnerability was hidden behind a custom error handler, making it harder to detect. During testing, the tester had to tweak and tamper with the payload three times to bypass the Web Application Firewall (WAF) protection successfully. Finally, the injection payload executed and successfully accessed the database, confirming the vulnerability. The WAF vendor is not specified.