Vulnerable-file-reader-server
This project demonstrates a command injection vulnerability in a Python MCP (Model Context Protocol) server: a tool argument that is never sanitized reaches a shell, so whoever controls that argument can run arbitrary commands on the host. It is intended as a teaching example of how the flaw arises and how to prevent it.
Command Injection Vulnerability in MCP File Reader
This repository demonstrates a critical command injection vulnerability in a Python MCP server implementation that lets an attacker execute arbitrary shell commands on the host system. In an MCP deployment the tool arguments are supplied by the connected model, so untrusted content the model has read can become the injected command. The vulnerability is in the read_file function, which passes the caller-supplied filename to the shell via shell=True with no sanitization and only superficial validation.
Installation
- Prerequisites: Python 3.12 or higher and the MCP library, version 1.6.0.
- Setup: clone the repository, install the MCP server, configure Claude Desktop to use it, and start the MCP server in development mode.
Demonstration
Connect to the server with MCP Inspector, invoke the read_file tool with a path argument that carries a shell command, and observe that the injected command runs and its output is returned.
Proper Fix
Avoid shell=True with user-controlled input. Pass the command as a list of arguments so the filename reaches the program as a single argv element, or, if a shell string is unavoidable, quote it properly (shlex.quote) and validate the path against the allowed directory after resolving it. For a file reader specifically, the simplest fix is not to spawn a process at all and read the file from Python.
Warning
This code is for educational purposes only and should not be used in production environments.
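The following is an added, self-contained example, not the repository's code, that puts the vulnerable pattern described above beside the fix from the Proper Fix section. The repository's real validation is described only as "superficial", so the stand-in check here (rejecting ".." and nothing else) is an assumption; the directory, file contents and payload are constructed for the demonstration. Both functions shell out to cat so that the list-of-arguments fix is visible; in a real reader you would drop the subprocess entirely.

```python
"""Illustrative vulnerable and hardened versions of a read_file tool.

Added example, not the repository's code. `superficial_check` is an assumed
stand-in for the server's weak validation; `read_file_vulnerable` shows the
shell=True pattern, `read_file_hardened` the argument-list plus path-validation fix.
"""
import os
import subprocess
import tempfile
from pathlib import Path


def superficial_check(filename: str) -> bool:
    """Assumed stand-in for the weak validation: blocks '..' and nothing else."""
    return ".." not in filename


def read_file_vulnerable(base_dir: str, filename: str) -> str:
    """Command injection: the filename is spliced into a string that /bin/sh parses."""
    if not superficial_check(filename):
        raise ValueError("invalid filename")
    cmd = f"cat {os.path.join(base_dir, filename)}"
    # shell=True hands the whole string to `sh -c`, so ';', '|', '$(...)' etc.
    # inside `filename` are interpreted as shell syntax, not as part of a name.
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def read_file_hardened(base_dir: str, filename: str) -> str:
    """Argument list (no shell) plus real path validation."""
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()  # collapses '..' and follows symlinks
    if not target.is_relative_to(base):
        raise ValueError("path escapes the allowed directory")
    if not target.is_file():
        raise FileNotFoundError(filename)
    # argv list: cat receives the path as one argument; no shell ever parses it.
    result = subprocess.run(["cat", str(target)], capture_output=True, text=True, check=True)
    return result.stdout


def demo() -> dict:
    """Runs both versions against a constructed directory and attacker payload."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "notes.txt").write_text("hello from notes\n")
        payload = "notes.txt; echo INJECTED"  # constructed malicious tool argument
        out = {
            "legit": read_file_hardened(d, "notes.txt"),
            "vulnerable": read_file_vulnerable(d, payload),  # 'echo INJECTED' executes
        }
        try:
            read_file_hardened(d, payload)  # treated as one literal (nonexistent) filename
            out["hardened"] = "read succeeded"
        except FileNotFoundError:
            out["hardened"] = "rejected: no such file"
        try:
            read_file_hardened(d, "../../etc/passwd")  # traversal caught after resolve()
            out["traversal"] = "read succeeded"
        except ValueError:
            out["traversal"] = "rejected: escapes base"
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the block shows the vulnerable reader returning the file contents followed by the output of the injected `echo`, while the hardened reader treats the same string as a single filename that does not exist. Note that `superficial_check` would also have rejected the traversal attempt, which is why the injection payload avoids `..`: blocklisting one token is not validation. Resolving the path before the containment check also defeats symlink tricks, which a string comparison on the raw input would miss.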