
mcp-vulnerable-demo

MCP server from kenhuangus/mcp-vulnerable-server-demo

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio kenhuangus-mcp-vulnerable-server-demo python vuln-mcp.py \
  --env Description="Environment variable placeholders if needed by the server (e.g., DB connection strings)."

How to use

This MCP server implements an intentionally vulnerable MCP backend for educational purposes. It exposes tools such as insert_record, query_records, execute_sql, and get_env_variable to demonstrate common security pitfalls like SQL injection, unprotected data access, and environment variable leakage. To use it, first start the server with Python, then connect using the provided good client for normal interactions or the attack client to observe how vulnerabilities can be exploited. The good client interactively inserts and queries records, while the attack client automatically attempts SQL injection, executes arbitrary queries, and reads environment variables to illustrate potential data exposure and control risks.

How to install

Prerequisites: Python 3.x and internet access. Optional: virtual environments. Steps:

  1. Ensure Python is installed: python --version
  2. Install dependencies: pip install -r requirements.txt
  3. Start the vulnerable MCP server: python vuln-mcp.py
  4. In a separate terminal, run the good client to interact normally: python good-mcp-client.py vuln-mcp.py
  5. In another terminal, run the attack client to demonstrate vulnerabilities: python attack-mcp-client.py vuln-mcp.py

Additional notes

Tips and caveats:

  • This project is for educational demonstration only. Do not deploy in production.
  • The server intentionally exposes dangerous tools (execute_sql, get_env_variable) to illustrate security risks; in real environments, remove or tightly restrict these tools.
  • Use parameterized queries to prevent SQL injection (example in the repository's mitigation notes).
  • Consider implementing authentication and authorization, input validation, and access controls before exposing database or system commands.
  • If environment variables contain sensitive data, limit exposure and sanitize results returned by get_env_variable.
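
The parameterized-query and environment-variable tips above, shown as an added example (not code from the repository). The table schema, the allow-list contents and the `_vulnerable`, `_safe` and `_restricted` function names are assumptions made for illustration; only the tool names insert_record and get_env_variable come from this page.

```python
import os
import sqlite3

# Assumed schema; the real server's table layout is not shown on this page.
SCHEMA = "CREATE TABLE records (name TEXT, address TEXT)"

# Hypothetical allow-list of variables considered safe to disclose.
ALLOWED_ENV = {"APP_MODE", "LOG_LEVEL"}


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_record_vulnerable(conn, name, address):
    # Input is pasted into the SQL text, so a quote in `name` ends the literal.
    conn.execute(f"INSERT INTO records (name, address) VALUES ('{name}', '{address}')")


def insert_record_safe(conn, name, address):
    # Placeholders keep the input as data; it is never parsed as SQL.
    conn.execute("INSERT INTO records (name, address) VALUES (?, ?)", (name, address))


def get_env_variable_restricted(var_name):
    # Refuse anything outside the allow-list instead of echoing os.environ.
    if var_name not in ALLOWED_ENV:
        raise PermissionError(f"{var_name} is not exposed by this tool")
    return os.environ.get(var_name, "")


def rows(conn):
    return conn.execute("SELECT name, address FROM records").fetchall()


# Constructed input: the quote and comment marker rewrite the VALUES list.
CRAFTED_NAME = "alice', 'overridden') --"

if __name__ == "__main__":
    for insert in (insert_record_vulnerable, insert_record_safe):
        db = new_db()
        insert(db, CRAFTED_NAME, "1 Main St")
        print(insert.__name__, rows(db))
```

With the string-built query the caller's address is silently replaced by the value embedded in the name; with placeholders the whole crafted string is stored as the name and the address is kept.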
