The tweet suggests manual endpoint crawling to find parameters that can be exposed, such as 'index.php?I'd=', and manually checking the source code to bypass WAF. This methodology can be used to potentially bypass all WAFs. It is essential for WAF administrators to regularly update their rules and configurations to prevent such bypass techniques.
For more insights, check out the original tweet here: https://twitter.com/LanaJam88979549/status/1822680998976331944. And don’t forget to follow @LanaJam88979549 for more exciting updates in the world of cybersecurity.