MCP.so
登录

Vulnerable MCP Server

@evrenyal

关于 Vulnerable MCP Server

Vulnerable MCP Server

基本信息

分类

其他

运行时

python

传输方式

stdio

发布者

evrenyal

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Vulnerable MCP Server?

An intentionally vulnerable MCP (Model Context Protocol) application designed for security research. It combines FastAPI, SQLite, a local Ollama LLM, and JSON-RPC to route natural language inputs to SQL queries or shell commands, enabling testing of SQL injection (SQLi) and remote code execution (RCE) vulnerabilities.

How to use Vulnerable MCP Server?

Clone the repository, run docker-compose up --build, then connect the Ollama and MCP containers to the same Docker network using docker network connect mcplab ollama and docker network connect mcplab mcp_internal and docker network connect mcplab mcp_remote. The server starts with an auto-initializing SQLite database and exposes JSON-RPC methods.

Key features of Vulnerable MCP Server

  • LLM-based decision logic for command routing (SQL or CLI)
  • Native execution of SQL and terminal commands
  • Auto-initializing SQLite database with sample data
  • Simple, pluggable JSON-RPC methods
  • Vulnerable by design — suitable for offensive/defensive testing

Use cases of Vulnerable MCP Server

  • Testing SQL injection (SQLi) in a controlled environment
  • Testing remote code execution (RCE) via command injection
  • Building capture-the-flag (CTF) challenges or security labs
  • Evaluating LLM-based decision logic for security misuses

FAQ from Vulnerable MCP Server

Is this safe for production?

No. The app is intentionally insecure: it has no authentication, no input validation, and blindly executes raw SQL and shell commands as well as LLM responses.

What is the purpose of this server?

It is built for security research, CTFs, and offensive/defensive testing of SQLi and RCE vulnerabilities in LLM-driven systems.

What are the runtime dependencies?

Docker, a local Ollama instance with an LLM, and an isolated network environment. The server itself runs on FastAPI with SQLite.

Does it require authentication or access control?

No. The server explicitly lacks any authentication or access control mechanisms.

What kind of vulnerabilities does it simulate?

It simulates SQL injection (SQLi) via native SQL execution and remote code execution (RCE) via unrestricted shell command execution, both routed through LLM decision logic.

评论

其他 分类下的更多 MCP 服务器