thank @f0ng
This program is to use sleep to confirm whether there is any vulnerability, set the delay time for 3s, and modify the delay time according to the environment.
This program has realized the harmless detection vulnerability, does not have attack function.
pocsuite -r Spring-Cloud-Function-SpEL-POC.py -u url --verify
This program uses DNSlog to reply to display and confirm whether the target has vulnerabilities and can connect to the Internet. The delay time is set to 5s, and the delay time can be modified according to the environment.
pocsuite -r Spring-Cloud-Function-SpEL_POC_EXP.py -u url --verify
pocsuite -r Spring-Cloud-Function-SpEL_POC_EXP.py -u url --attack --command "[command]"