This tweet describes a Web Application Firewall (WAF) bypass in which the requester changed the HTTP method from GET to POST and used dirty data to get past WAF interception. The WAF in question is noted as strong at blocking network attacks, yet it was circumvented by this method. The vendor is not specified. The technique demonstrates that changing the request method and using less clean, or 'dirty', data can evade WAF detection. It applies to the general case where WAF filters are method-dependent and may ignore POST data or handle it differently from GET query parameters. Bug bounty hunters can consider this approach when testing WAFs, altering HTTP methods and payload formats to find weaknesses.
Check out the original tweet here: https://twitter.com/su1x1n/status/2047576191486607708
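
A defender-side illustration of the method-dependence described above, added here and not taken from the tweet or from any WAF product: a filter that inspects only GET query strings, beside one that applies the same rules to every method and fails closed on bodies it cannot fully inspect. The function names, the `blockme` marker, the 4096-byte limit and the reading of 'dirty data' as oversized filler are assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

MAX_BODY = 4096        # assumed inspection limit in bytes
SIGNATURE = "blockme"  # constructed stand-in for a real rule set


def matches(values):
    """True when any inspected value contains the stand-in signature."""
    return any(SIGNATURE in v.lower() for v in values)


def weak_filter(method, url, body=b""):
    """Method-dependent: inspects the query string of GET requests only."""
    if method.upper() != "GET":
        return "allow"  # the body of other methods is never looked at
    query = [v for _, v in parse_qsl(urlsplit(url).query)]
    return "block" if matches(query) else "allow"


def strict_filter(method, url, body=b""):
    """Same rules for every method; fails closed on what it cannot inspect."""
    values = [v for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if body:
        if len(body) > MAX_BODY:
            return "block"  # oversized body: never pass uninspected bytes
        try:
            text = body.decode("utf-8")
        except UnicodeDecodeError:
            return "block"  # undecodable body: fail closed
        values += [v for _, v in parse_qsl(text, keep_blank_values=True)]
        values.append(text)  # also scan the raw body, whatever its format
    return "block" if matches(values) else "allow"


# Constructed sample requests (not taken from the tweet)
GET_REQ = ("GET", "/search?q=BLOCKME", b"")
POST_REQ = ("POST", "/search", b"q=BLOCKME")
PADDED_POST = ("POST", "/search", b"pad=" + b"A" * 5000 + b"&q=BLOCKME")
CLEAN_POST = ("POST", "/search", b"q=shoes")

if __name__ == "__main__":
    for req in (GET_REQ, POST_REQ, PADDED_POST, CLEAN_POST):
        print(req[0], len(req[2]), weak_filter(*req), strict_filter(*req))
```

Blocking every oversized body is a strict policy that will also reject legitimate large uploads, so the limit needs tuning per endpoint.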