Insecure MCP Demo
@MCP-Mirror
Insecure MCP Demo について
Mirror of
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"kenhuangus_mcp-vulnerable-server-demo": {
"command": "python",
"args": [
"good-mcp-client.py",
"vuln-mcp.py"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Insecure MCP Demo?
This project demonstrates a vulnerable MCP server and multiple clients, including a proof-of-concept attack client and also a good client. It is designed for educational purposes to showcase potential security vulnerabilities in an MCP server.
How to use Insecure MCP Demo?
Install dependencies with pip install -r requirements.txt. Start the server and good client by running python good-mcp-client.py vuln-mcp.py. To run the automated attack client, use python attack-mcp-client.py vuln-mcp.py in a separate terminal.
Key features of Insecure MCP Demo
- Exposes insecure tools: insert_record, query_records, execute_sql, get_env_variable
- Demonstrates SQL injection through unsanitized user input
- Allows arbitrary SQL command execution via execute_sql
- Leaks sensitive environment variables via get_env_variable
- No authentication or access control on any tool
Use cases of Insecure MCP Demo
- Educating developers about MCP security vulnerabilities
- Demonstrating SQL injection in MCP servers
- Showing risks of exposing environment variables
- Testing attack techniques in a safe environment
- Teaching how to secure MCP servers using mitigation strategies
FAQ from Insecure MCP Demo
What vulnerabilities does the Insecure MCP Demo demonstrate?
It demonstrates SQL injection, arbitrary SQL execution, sensitive data exposure, and lack of access control.
How do I run the attack client?
Run python attack-mcp-client.py vuln-mcp.py in a separate terminal to automatically attempt exploitation.
Can the Insecure MCP Demo be deployed in production?
No, this project is for educational and demonstration purposes only and must not be deployed in production.
How can I mitigate the vulnerabilities shown?
Mitigation strategies include using parameterized queries, restricting dangerous tools, implementing authentication, validating input, limiting environment variable access, auditing usage, and applying least privilege.
「その他」の他のコンテンツ
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
🪟 Windows-MCP
CursorTouchMCP Server for Computer Use in Windows
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
Activepieces
activepiecesAI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
コメント