@patricklangx

What does it implement/fix? Explain your changes.

When a POST request includes both URL parameters and body data, the body data is ignored.

The current implementation assumes that if parameters are present in the URL, there is no data in the body.

This issue can be replicated using the search request on http://testphp.vulnweb.com, where the searchFor parameter is vulnerable to XSS.

For example, if the following request is made:

python3 xsstrike.py -u "http://testphp.vulnweb.com/search.php?test=query" --data "searchFor=somevalue&goButton=go"

the body data is disregarded, and no reflection is detected. However, if no URL parameter is provided:

python3 xsstrike.py -u "http://testphp.vulnweb.com/search.php" --data "searchFor=somevalue&goButton=go"

the reflection is detected.

This commit addresses the issue by rewriting the getParams function in core/utils.py.

Where has this been tested?

Python Version: 3.9.6
Operating System: macOS 15.4

Does this close any currently open issues?

No.

Does this add any new dependency?

No.

Does this add any new command line switch/option?

No.

Any other comments you would like to make?

n/a

Some Questions

  • I have documented my code.
  • I have tested my build before submitting the pull request.
