Vulnerable MCP Server
This project is an intentionally vulnerable MCP (Model Context Protocol) app, designed for security research.
DO NOT use in production environments.
It executes raw SQL and system commands with no authentication or restrictions.
MCP SERVER
A command execution server that combines:
- FastAPI for the HTTP interface
- SQLite as a persistent database
- Ollama LLM to interpret natural language queries
- JSON-RPC as the main API protocol
This system routes natural language input to either SQL queries or shell commands, using a locally running LLM via Ollama.
Built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities via FastAPI, JSON-RPC, and LLM-based decision logic.
WARNING: Security Notice
This app is intentionally insecure:
- No authentication or access control
- Accepts and executes raw SQL queries and shell commands
- No input validation
- LLM responses are blindly executed
Use only in isolated environments, CTFs, or research labs.
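The blind-execution pattern the notice describes, next to a dispatcher that treats the model's decision as untrusted input. This is an added example, not code from the evrenyal/mcpsecurity project; the shape of the decision dict, the table, the query names and the command names are all assumptions.

```python
import sqlite3
import subprocess

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db

# Named, parameterized queries: the model picks a name, never supplies SQL text.
SAFE_QUERIES = {
    "user_by_name": "SELECT id, name FROM users WHERE name = ?",
    "count_users": "SELECT COUNT(*) FROM users",
}
# Fixed argv lists: no shell, and the model supplies no arguments.
SAFE_COMMANDS = {"uptime": ["uptime"], "whoami": ["whoami"]}

def blind_dispatch(db, decision):
    """Pattern from the notice: model output goes straight to the SQL engine or shell."""
    if decision["type"] == "sql":
        return db.execute(decision["command"]).fetchall()
    return subprocess.run(decision["command"], shell=True,
                          capture_output=True, text=True).stdout

def guarded_dispatch(db, decision):
    """Treat the model's decision as untrusted input and map it onto an allowlist."""
    kind, name = decision.get("type"), decision.get("name")
    if kind == "sql" and name in SAFE_QUERIES:
        params = decision.get("params", [])
        if not isinstance(params, list) or not all(
                isinstance(p, (str, int)) for p in params):
            raise ValueError("params must be a list of str or int")
        # Values are bound by the driver, so quotes in them stay data.
        return db.execute(SAFE_QUERIES[name], params).fetchall()
    if kind == "cli" and name in SAFE_COMMANDS:
        return subprocess.run(SAFE_COMMANDS[name], capture_output=True,
                              text=True, timeout=5).stdout
    raise PermissionError(f"decision not allowlisted: {kind!r}/{name!r}")
```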
Features
- LLM-based decision logic for command routing (SQL or CLI)
- Native execution of SQL and terminal commands
- Auto-initializing SQLite database with sample data
- Simple, pluggable JSON-RPC methods
- Vulnerable by design — suitable for offensive/defensive testing
Installation
git clone https://github.com/your-repo/mcp-vulnerable-app.git
cd mcp-vulnerable-app
docker-compose up --build
docker network connect mcplab ollama
docker network connect mcplab mcp_internal
docker network connect mcplab mcp_remote
Project Details
- evrenyal/mcpsecurity
- Last Updated: 4/16/2025