Insecure MCP Demo
@MCP-Mirror
关于 Insecure MCP Demo
Mirror of
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"kenhuangus_mcp-vulnerable-server-demo": {
"command": "python",
"args": [
"good-mcp-client.py",
"vuln-mcp.py"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Insecure MCP Demo?
This project demonstrates a vulnerable MCP server and multiple clients, including a proof-of-concept attack client and also a good client. It is designed for educational purposes to showcase potential security vulnerabilities in an MCP server.
How to use Insecure MCP Demo?
Install dependencies with pip install -r requirements.txt. Start the server and good client by running python good-mcp-client.py vuln-mcp.py. To run the automated attack client, use python attack-mcp-client.py vuln-mcp.py in a separate terminal.
Key features of Insecure MCP Demo
- Exposes insecure tools: insert_record, query_records, execute_sql, get_env_variable
- Demonstrates SQL injection through unsanitized user input
- Allows arbitrary SQL command execution via execute_sql
- Leaks sensitive environment variables via get_env_variable
- No authentication or access control on any tool
Use cases of Insecure MCP Demo
- Educating developers about MCP security vulnerabilities
- Demonstrating SQL injection in MCP servers
- Showing risks of exposing environment variables
- Testing attack techniques in a safe environment
- Teaching how to secure MCP servers using mitigation strategies
FAQ from Insecure MCP Demo
What vulnerabilities does the Insecure MCP Demo demonstrate?
It demonstrates SQL injection, arbitrary SQL execution, sensitive data exposure, and lack of access control.
How do I run the attack client?
Run python attack-mcp-client.py vuln-mcp.py in a separate terminal to automatically attempt exploitation.
Can the Insecure MCP Demo be deployed in production?
No, this project is for educational and demonstration purposes only and must not be deployed in production.
How can I mitigate the vulnerabilities shown?
Mitigation strategies include using parameterized queries, restricting dangerous tools, implementing authentication, validating input, limiting environment variable access, auditing usage, and applying least privilege.
其他 分类下的更多 MCP 服务器
XcodeBuildMCP
cameroncookeA Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
AutoBrowser MCP
autobrowser-aiBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Unity MCP ✨
justinpbarnettUnity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control scenes, edit scripts, and automate tasks within Unity.
评论