Vulnerable MCP Server
@evrenyal
关于 Vulnerable MCP Server
Vulnerable MCP Server
基本信息
配置
工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Vulnerable MCP Server?
An intentionally vulnerable MCP (Model Context Protocol) application designed for security research. It combines FastAPI, SQLite, a local Ollama LLM, and JSON-RPC to route natural language inputs to SQL queries or shell commands, enabling testing of SQL injection (SQLi) and remote code execution (RCE) vulnerabilities.
How to use Vulnerable MCP Server?
Clone the repository, run docker-compose up --build, then connect the Ollama and MCP containers to the same Docker network using docker network connect mcplab ollama and docker network connect mcplab mcp_internal and docker network connect mcplab mcp_remote. The server starts with an auto-initializing SQLite database and exposes JSON-RPC methods.
Key features of Vulnerable MCP Server
- LLM-based decision logic for command routing (SQL or CLI)
- Native execution of SQL and terminal commands
- Auto-initializing SQLite database with sample data
- Simple, pluggable JSON-RPC methods
- Vulnerable by design — suitable for offensive/defensive testing
Use cases of Vulnerable MCP Server
- Testing SQL injection (SQLi) in a controlled environment
- Testing remote code execution (RCE) via command injection
- Building capture-the-flag (CTF) challenges or security labs
- Evaluating LLM-based decision logic for security misuses
FAQ from Vulnerable MCP Server
Is this safe for production?
No. The app is intentionally insecure: it has no authentication, no input validation, and blindly executes raw SQL and shell commands as well as LLM responses.
What is the purpose of this server?
It is built for security research, CTFs, and offensive/defensive testing of SQLi and RCE vulnerabilities in LLM-driven systems.
What are the runtime dependencies?
Docker, a local Ollama instance with an LLM, and an isolated network environment. The server itself runs on FastAPI with SQLite.
Does it require authentication or access control?
No. The server explicitly lacks any authentication or access control mechanisms.
What kind of vulnerabilities does it simulate?
It simulates SQL injection (SQLi) via native SQL execution and remote code execution (RCE) via unrestricted shell command execution, both routed through LLM decision logic.
其他 分类下的更多 MCP 服务器
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
Website
FunnyWolfAdversary simulation and Red teaming platform with AI
Mobile Mcp
mobile-nextModel Context Protocol Server for Mobile Automation and Scraping (iOS, Android, Emulators, Simulators and Real Devices)
Awesome Mlops
visengerA curated list of references for MLOps
Activepieces
activepiecesAI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
评论