[BUG] Ampersand symbol issues in unsafe raw HTTP request

[KGorbakon]

Is there an existing issue for this?

• I have searched the existing issues.

Current Behavior

In raw http requests with option unsafe: true ampersand symbol ("&") disappears if it was placed in the end of URL.
GET /some_page/start.xml?=====& HTTP/1.1 transforms to GET /some_page/start.xml?==== in result request.
Also, if there more than two ampersands in the end of the query: "GET /some_page/start.xml?=====&&&& HTTP/1.1", the request transforms into GET /some_page/start.xml?=====&=&= HTTP/1.1.

POCs from https://cloud.projectdiscovery.io/templates:

Expected Behavior

Request shouldn't be transformed if option unsafe marked as true. Ampersand in the end of URL sometimes breaks logic of web-server and may be used as safecheck for CVEs in nuclei templates.

Steps To Reproduce

Send such requests with debug mode to reproduce the issue and look how they will be trasnformed:

http:
  - raw:
      - |+
        GET /some_page/start.xml?=====& HTTP/1.1
        Host: {{Hostname}}

    unsafe: true

http:
  - raw:
      - |+
        GET /some_page/start.xml?=====&&&& HTTP/1.1
        Host: {{Hostname}}

    unsafe: true

Relevant log output

No response

Environment

- OS: Windows 10
- Nuclei: v3.3.1
- Go: go1.22.3 windows/amd64

Anything else?

No response

[dogancanbakir]

For solution, #4563 (comment)