kenhuangus_mcp-vulnerable-server-demo
0
This project is an educational demo designed to showcase security vulnerabilities in a Model Context Protocol server. It includes a vulnerable server, regular client, and an attack client demonstrating potential exploits.
Overview
This project demonstrates a vulnerable MCP server and multiple clients, including a proof-of-concept attack client and a good client. It showcases potential security vulnerabilities in MCP servers for educational purposes.
Features & Vulnerabilities
- insert_record: Vulnerable to SQL injection.
- query_records: Exposes data without authentication.
- execute_sql: Allows arbitrary SQL commands.
- get_env_variable: Leaks environment variables.