LOXS fails to detect parameters inside URL fragments

[bytes-Knight]

Summary
LOXS works correctly with standard query parameters (e.g., ?q=) but fails to detect and scan parameters when they are present inside the fragment portion of a URL (e.g., #q=).

Example

• ✅ Works: https://www.amsoilindustrial.com/search/?q=xss&t=totalProductsTab
• ❌ Fails: https://www.amsoilindustrial.com/search/#q=xss&t=totalProductsTab

Observed Behavior

• When scanning with ?q=, LOXS identifies and processes the parameter as expected.
• When scanning with #q=, LOXS reports Total found: 0 and Total scanned: 0 even though parameters are present.

Expected Behavior
LOXS should also parse and test parameters that appear in the fragment portion of URLs (#), as many modern applications pass data through hash fragments (e.g., single-page apps).

Steps to Reproduce

1. Run LOXS with a URL containing query parameters in the fragment (#).
2. Observe that no parameters are detected or tested.

This limits LOXS’s coverage on modern web applications that use fragment-based routing or client-side parameters, potentially missing XSS vectors.

[Hghost0x00]

Hello,

I'll take a look and fix it as soon as possible.

I'll keep the issue open and keep you updated.

Thanks for your feedback 🫡

Best Regards,
Hghost010

[bytes-Knight]

Hello Hghost010,

Thanks for the response and for keeping the issue open.
I’ll be looking forward to your updates once the fix is in place.

Best regards,
Bytes_Knight

[Hghost0x00]

Hello,

Sorry for the delay. I've fixed the issue and will release the update tonight.

Thanks again for your contribution.

I'll add the details of the fix to the new tag that will be created.

Best regards,
Hghost010

[bytes-Knight]

Hello Hghost010,

No worries at all, and thank you for the update. I appreciate you taking the time to fix the issue and for planning to include the details in the new tag. Looking forward to the release tonight :)

Best regards,
Bytes_Knight

[Hghost0x00]

Hey,

I’ve just released the new version 🙂

🔗 https://github.com/coffinxp/loxs/releases/tag/v2.1.0

I'm going to tweet about this update. If you have an X account I can tag, that'd be cool ;)

Thanks again, and have a great day!
Hghost010

[bytes-Knight]

Hey Hghost010,

That’s awesome, thanks for shipping the new release! I’ll check out the update. 😃
I do have an X account — you can tag me at @bytes_Knight ;P

Appreciate the shoutout and congrats on the release!

Best regards,
Bytes_Knight

[bytes-Knight]

I’m really excited to see the LOXS GUI mode you shared on X. You’re doing an excellent job, and I genuinely appreciate all the effort you’re putting into this project 😀