thx you R3wt for these words ....

its definly more easy to run  scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET  to $POST