thx you for your comment everyone
you right but there is verification process before so it wont work
@AwesomeTRADER :for the pentest you free to run any exploit scanner , i cannot say you will not find any exploit , but sql is PDO prepared statement so i doubt any injection is possible here, but exploit need a POC not just a alarm (what common public exploit scanner does)
this project still have a lot of work anyway but it work pretty well for now and all aspect of cryptsy are covered (except node.js)
im in bitcoin from 2009 but i code little bit php and i had developer from a school in south of france to code the engine
Great Job by the way, forking it now.
@all: here's some relevant context as well