MCP.so
Sign In

Vulnerable MCP Server

@evrenyal

About Vulnerable MCP Server

Vulnerable MCP Server

Basic information

Category

Other

Runtime

python

Transports

stdio

Publisher

evrenyal

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Vulnerable MCP Server?

An intentionally vulnerable MCP (Model Context Protocol) application designed for security research. It combines FastAPI, SQLite, a local Ollama LLM, and JSON-RPC to route natural language inputs to SQL queries or shell commands, enabling testing of SQL injection (SQLi) and remote code execution (RCE) vulnerabilities.

How to use Vulnerable MCP Server?

Clone the repository, run docker-compose up --build, then connect the Ollama and MCP containers to the same Docker network using docker network connect mcplab ollama and docker network connect mcplab mcp_internal and docker network connect mcplab mcp_remote. The server starts with an auto-initializing SQLite database and exposes JSON-RPC methods.

Key features of Vulnerable MCP Server

  • LLM-based decision logic for command routing (SQL or CLI)
  • Native execution of SQL and terminal commands
  • Auto-initializing SQLite database with sample data
  • Simple, pluggable JSON-RPC methods
  • Vulnerable by design — suitable for offensive/defensive testing

Use cases of Vulnerable MCP Server

  • Testing SQL injection (SQLi) in a controlled environment
  • Testing remote code execution (RCE) via command injection
  • Building capture-the-flag (CTF) challenges or security labs
  • Evaluating LLM-based decision logic for security misuses

FAQ from Vulnerable MCP Server

Is this safe for production?

No. The app is intentionally insecure: it has no authentication, no input validation, and blindly executes raw SQL and shell commands as well as LLM responses.

What is the purpose of this server?

It is built for security research, CTFs, and offensive/defensive testing of SQLi and RCE vulnerabilities in LLM-driven systems.

What are the runtime dependencies?

Docker, a local Ollama instance with an LLM, and an isolated network environment. The server itself runs on FastAPI with SQLite.

Does it require authentication or access control?

No. The server explicitly lacks any authentication or access control mechanisms.

What kind of vulnerabilities does it simulate?

It simulates SQL injection (SQLi) via native SQL execution and remote code execution (RCE) via unrestricted shell command execution, both routed through LLM decision logic.

Comments

More Other MCP servers