The tweet suggests that, instead of trying to bypass the WAF, SQL injection (SQLi) can be attempted directly against the origin IP that sits behind it. The request then targets vulnerabilities in the back-end server directly, so the WAF never inspects it. This approach may not always work, and it is risky because it can lead to unauthorized access to the server. To prevent SQLi attacks, follow secure coding practices and implement proper protection mechanisms at both the application and network levels.
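A defender-side check for the network-level protection mentioned above, as an added example that is not from the tweet: it scans origin access logs for requests whose TCP peer is outside the WAF's egress ranges, meaning they reached the back end without passing through the WAF. The log format, the address ranges and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed WAF egress ranges (documentation prefixes, constructed for this example).
WAF_EGRESS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]

# Constructed origin access-log lines: TCP peer address, timestamp, request, status.
SAMPLE_LOG = """\
198.51.100.7 [12/Jan/2025:10:00:01 +0000] "GET /products?id=4 HTTP/1.1" 200
203.0.113.50 [12/Jan/2025:10:00:03 +0000] "GET /products?id=4 HTTP/1.1" 200
203.0.113.50 [12/Jan/2025:10:00:04 +0000] "GET /login HTTP/1.1" 200
2001:db8:100::9 [12/Jan/2025:10:00:05 +0000] "POST /search HTTP/1.1" 200
not-a-log-line
192.0.2.23 [12/Jan/2025:10:00:09 +0000] "GET / HTTP/1.1" 403
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})$')


def from_waf(peer, waf_ranges=WAF_EGRESS):
    """True when the TCP peer (not X-Forwarded-For) is inside a WAF egress range."""
    addr = ipaddress.ip_address(peer)  # raises ValueError if not an IP address
    return any(addr in net for net in waf_ranges)


def direct_origin_hits(lines, waf_ranges=WAF_EGRESS):
    """Return (hits, unparsed); hits maps non-WAF peer -> [(method, path, status)]."""
    hits, unparsed = defaultdict(list), []
    for line in lines:
        m = LINE_RE.match(line)
        try:
            if m is None:
                raise ValueError("unrecognised log line")
            peer, _ts, method, path, status = m.groups()
            if not from_waf(peer, waf_ranges):
                hits[peer].append((method, path, int(status)))
        except ValueError:  # malformed line or a peer field that is not an IP
            unparsed.append(line)
    return dict(hits), unparsed


if __name__ == "__main__":
    hits, unparsed = direct_origin_hits(SAMPLE_LOG)
    for peer, reqs in hits.items():
        print(f"{peer}: {len(reqs)} request(s) did not come through the WAF: {reqs}")
    print("unparsed:", unparsed)
```

Any hit with a 2xx status shows the origin is answering clients the WAF never saw; the lasting fix is to restrict the origin's listener or firewall to the WAF's ranges so such requests are refused.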
Original tweet: https://twitter.com/1hey_thunder/status/1880827168227557722