2bdenny / ReScue

An automated tool for the detection of regexes' slow-matching vulnerabilities.
GNU General Public License v2.0

Output explanation request #9

Open Caerlochlann opened 1 year ago

Caerlochlann commented 1 year ago

I ran the program for the following pattern: \$\{(?<name>.*?)(:(?<default>.*?))?\}. I received the following output, which I truncate for the sake of better visibility:

Vulnerable: L-@K}M#(${M#(${:.[...]
100534 : 141.00140252454418 : L-@K}M#(${M#(${:.N%nEOiF  z31aBF3EaAc6Dd370De2bF95CeA47a0PI75QgNy6:u<v;oY|rQ9mNr@cMMV3RwDvBj?hGT~<gNy6:u<v;oY|rQ9mNr@cMMV3R8YLx)J$Vj.t:FyjC8YLx)J${x[aC64E924eD8715333d62d80319df5BD8c78BF1CddCFB448b38F88Ab14F773FfB7c5d3EaED34605d1Lx)J$Vj.t:FyjC8YLx)J$Vj.t:FyjC8YLx)J${x[aC64E99eCcBa5E6fc0B0cfB515E6F7b69C2e79A1dd67eBEDb0C72b3457ECAffffA559E64a6083bdfF4f28CA13fb2BbBCF07cBEDe2bF95CeA47a0B3ACBb9DfaADC2A3(${6DA76fCf8a4C1D180wwiphvgtjnwnjmfgpcmzqhv.t:FyjC8YLx)J$Vj.t:FyjC8YLx)J${:t.jF1CddCFB448b38F88Ab14F773F6D76Ff3e78d3EaED34605d14D3b4f312E4BEbDb9EfcDcEcB7AfE008AFaC5CF2cf619e116DrQ9mNr@cMMV3RwDvBj?hGT~<pdEYKMonzEQ4I:rIL6[
[...]
TIME: 266.21786212 (s)
Attack failed

How am I supposed to interpret the result that a vulnerable string has been found, but the attack failed nevertheless?

2bdenny commented 1 year ago

If I remember correctly, I recommended two ways. One is to run the jar with the parameter "-v" (you can get all available parameters with "-h"), then enter the regex and the attack string through the UI widget. The other is to write a simple Java program by hand and call Regex.match with the regex and the string to check.

As you know, this work was done based on JDK 8, I think, but over the years the JDK has been upgraded many times. I can't promise the attack string still works on the new JDK; maybe you could implement the strategy yourself.
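
The second check suggested in the reply above, written out as an added example (not code from the ReScue project or from either commenter): a JDK 8-compatible Java program that matches the issue's pattern against a candidate string under a time budget and reports the JDK version it ran on. The class name, the file argument, the 5-second budget and the choice of `find()` are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.concurrent.*;
import java.util.regex.Pattern;

public class RegexTimingCheck {
    // Pattern from the issue; each backslash is doubled for the Java string literal.
    static final Pattern PATTERN =
        Pattern.compile("\\$\\{(?<name>.*?)(:(?<default>.*?))?\\}");

    // Wrapper that lets a long-running match be aborted via thread interruption.
    static final class Interruptible implements CharSequence {
        private final CharSequence s;
        Interruptible(CharSequence s) { this.s = s; }
        public char charAt(int i) {
            if (Thread.currentThread().isInterrupted())
                throw new IllegalStateException("match interrupted");
            return s.charAt(i);
        }
        public int length() { return s.length(); }
        public CharSequence subSequence(int a, int b) {
            return new Interruptible(s.subSequence(a, b));
        }
        @Override public String toString() { return s.toString(); }
    }

    public static void main(String[] args) throws Exception {
        // args[0] (assumption): file holding the string the tool reported, used
        // byte-for-byte. Without it, a short constructed benign input is matched.
        String input = args.length > 0
            ? new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8)
            : "prefix ${name:default} suffix";
        long limitMs = 5000; // constructed time budget, adjust as needed
        String jdk = System.getProperty("java.version");
        ExecutorService pool = Executors.newSingleThreadExecutor();
        long start = System.nanoTime();
        Future<Boolean> f = pool.submit(
            () -> PATTERN.matcher(new Interruptible(input)).find());
        try {
            boolean found = f.get(limitMs, TimeUnit.MILLISECONDS);
            double ms = (System.nanoTime() - start) / 1e6;
            System.out.printf("JDK %s: find()=%b in %.1f ms, %d chars%n", jdk, found, ms, input.length());
        } catch (TimeoutException e) {
            f.cancel(true); // interrupts the worker; charAt() then aborts the match
            System.out.printf("JDK %s: no result within %d ms, %d chars%n", jdk, limitMs, input.length());
        } finally { pool.shutdownNow(); }
    }
}
```

Running the same file under each JDK in use shows whether a reported string still causes slow matching on that runtime, which is the uncertainty the reply raises.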