Glama

Adversary MCP Server

by brettbergin
vulnerable_php.php (4.58 kB)

```php
<?php
// 1. SQL Injection vulnerability
function sqlInjection($userId) {
    $connection = new mysqli("localhost", "user", "password", "database");
    // Direct string concatenation - vulnerable to SQL injection
    $query = "SELECT * FROM users WHERE id = '" . $userId . "'";
    $result = $connection->query($query);
    return $result;
}

// 2. Command Injection
function commandInjection($filename) {
    // User input directly passed to shell command
    $output = shell_exec("cat " . $filename);
    echo $output;
}

// 3. Path Traversal
function pathTraversal($filename) {
    // No validation of filename - allows directory traversal
    $content = file_get_contents("/uploads/" . $filename);
    echo $content;
}

// 4. Code Injection via eval()
function codeInjection($userCode) {
    // Direct execution of user-provided code
    eval($userCode);
}

// 5. File Inclusion vulnerability
function fileInclusion($page) {
    // Dynamic file inclusion without validation
    include("/pages/" . $page . ".php");
}

// 6. Cross-Site Scripting (XSS)
function xssVulnerability($userInput) {
    // Direct output of user input without escaping
    echo "<div>Hello " . $userInput . "</div>";
}

// 7. LDAP Injection
function ldapInjection($username) {
    // User input directly concatenated into LDAP filter
    $filter = "(uid=" . $username . ")";
    // LDAP search with vulnerable filter
    echo "LDAP Filter: " . $filter;
}

// 8. Weak cryptography - MD5
function weakCrypto($password) {
    // MD5 is cryptographically broken and unsalted; unsuitable for passwords
    return md5($password);
}

// 9. Hardcoded credentials
define('DATABASE_PASSWORD', 'admin123');
define('API_KEY', 'sk-1234567890abcdef');
define('JWT_SECRET', 'super_secret_key');

// 10. Open Redirect
function openRedirect() {
    // Redirect to user-provided URL without validation
    $redirectUrl = $_GET['url'];
    header("Location: " . $redirectUrl);
    exit();
}

// 11. Insecure random number generation
function insecureRandom() {
    // Using rand() instead of a cryptographically secure source such as random_int()
    return rand(1000, 9999);
}

// 12. XML External Entity (XXE) vulnerability
function xxeVulnerability($xmlInput) {
    // XML parser with entity substitution enabled: LIBXML_NOENT makes libxml
    // resolve external entities declared in untrusted input
    $doc = new DOMDocument();
    $doc->loadXML($xmlInput, LIBXML_NOENT); // Vulnerable to XXE attacks
    return $doc;
}

// 13. Unsafe deserialization
function unsafeDeserialization($data) {
    // Deserializing untrusted data
    return unserialize($data);
}

// 14. Information disclosure
function informationDisclosure($input) {
    try {
        $value = intval($input);
        if ($value === 0) {
            throw new Exception("Invalid input");
        }
    } catch (Exception $e) {
        // Exposing sensitive information in error messages
        echo "Error: " . $e->getMessage();
        echo "Database: mysqli://root:password@localhost/production";
        echo "File path: " . __FILE__;
    }
}

// 15. Session fixation
function sessionFixation() {
    // Not regenerating session ID after login
    $_SESSION['user_id'] = $_POST['user_id'];
    $_SESSION['logged_in'] = true;
}

// 16. Insecure file upload
function insecureFileUpload() {
    // No validation of file type or content; client-supplied name is used as-is
    $uploadDir = "/uploads/";
    $uploadFile = $uploadDir . $_FILES['file']['name'];
    move_uploaded_file($_FILES['file']['tmp_name'], $uploadFile);
}

// 17. Server-Side Request Forgery (SSRF)
function ssrfVulnerability($url) {
    // Making HTTP request to user-provided URL
    $content = file_get_contents($url);
    return $content;
}

// 18. Race condition
$counter = 0;
function raceCondition() {
    global $counter;
    // Not thread-safe (in multi-threaded PHP environments)
    $counter++;
}

// 19. Time-based blind SQL injection
function timeBlindsqlInjection($userId) {
    $connection = new mysqli("localhost", "user", "password", "database");
    // Vulnerable to time-based blind SQL injection: $userId is concatenated,
    // so an attacker can inject a conditional SLEEP() and measure the delay
    $query = "SELECT * FROM users WHERE id = '" . $userId . "' AND SLEEP(5)";
    $result = $connection->query($query);
    return $result;
}

// 20. NoSQL Injection (MongoDB example)
function nosqlInjection($username) {
    // Assuming MongoDB PHP driver usage
    $filter = ['username' => $username]; // Could be manipulated if $username is an array
    // In real scenario: $collection->findOne($filter);
    return $filter;
}

// Example usage (commented to prevent actual execution)
// commandInjection("file.txt; rm -rf /");
// pathTraversal("../../../etc/passwd");
// codeInjection("phpinfo();");

echo "Vulnerable PHP examples loaded successfully\n";
?>
```
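The file above is a deliberately vulnerable fixture. The following block is an added example, not code from the adversary-mcp-server repository, showing hardened counterparts for most of the numbered patterns so a reader can compare the flagged construct with the fix a scanner should stop reporting. It assumes PHP 8 with the mysqli, ldap and curl extensions; the table name, directory paths and the `api.example.com` allow-list entry are illustrative assumptions.

```php
<?php
// Added example (not part of the adversary-mcp-server repository): hardened
// counterparts to vulnerable_php.php. Paths, table names and the host
// allow-list below are illustrative assumptions.
declare(strict_types=1);

// 1/19. SQL injection: bind the value instead of concatenating it.
function safeUserLookup(mysqli $db, string $userId): ?array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = ?");
    $stmt->bind_param("s", $userId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 2. Command injection: escape the argument so "; rm -rf /" stays a filename.
function safeCat(string $filename): string
{
    $output = shell_exec("cat " . escapeshellarg($filename));
    return $output ?? '';
}

// 3. Path traversal: strip directories, then confirm the resolved path is inside the base.
function safeReadUpload(string $filename, string $baseDir = '/uploads'): ?string
{
    $base = realpath($baseDir);
    $target = realpath($baseDir . '/' . basename($filename));
    if ($base === false || $target === false || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // missing, or outside the allowed directory
    }
    return file_get_contents($target);
}

// 5. File inclusion: allow-list pages; never build the path from input.
function safeIncludePage(string $page): bool
{
    $allowed = ['home' => '/pages/home.php', 'about' => '/pages/about.php'];
    if (!isset($allowed[$page])) {
        return false;
    }
    include $allowed[$page];
    return true;
}

// 6. XSS: encode for the HTML context at output time.
function safeGreeting(string $userInput): string
{
    return '<div>Hello ' . htmlspecialchars($userInput, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</div>';
}

// 7. LDAP injection: escape filter metacharacters such as '*', '(' and ')'.
function safeLdapFilter(string $username): string
{
    return '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// 8. Password storage: slow, salted hash instead of MD5.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// 10. Open redirect: accept only a same-origin path ("/x"), never "//host" or "https://host".
function safeRedirectTarget(string $url): string
{
    if ($url === '' || $url[0] !== '/' || (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\'))) {
        return '/';
    }
    return $url;
}

// 11. Unpredictable values: CSPRNG instead of rand().
function secureOtp(): int
{
    return random_int(1000, 9999);
}

// 12. XXE: no LIBXML_NOENT, no network access, and parse errors handled instead of echoed.
function safeParseXml(string $xmlInput): ?DOMDocument
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xmlInput, LIBXML_NONET);
    libxml_use_internal_errors($previous);
    return $ok ? $doc : null;
}

// 13. Deserialization: refuse to instantiate any class from untrusted input.
function safeUnserialize(string $data): mixed
{
    return unserialize($data, ['allowed_classes' => false]);
}

// 15. Session fixation: rotate the session ID when privilege changes.
function loginUser(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['logged_in'] = true;
}

// 17. SSRF: allow-list scheme and host, do not follow redirects, bound the time.
function safeFetch(string $url, array $allowedHosts = ['api.example.com']): ?string
{
    $p = parse_url($url);
    if ($p === false || ($p['scheme'] ?? '') !== 'https' || !in_array($p['host'] ?? '', $allowedHosts, true)) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => false, CURLOPT_TIMEOUT => 5]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// 20. NoSQL injection: reject operator objects by requiring a scalar.
function safeUsernameFilter(mixed $username): ?array
{
    return is_string($username) ? ['username' => $username] : null;
}
```

Each function keeps the same entry point as its vulnerable twin (a user-controlled string), so running the scanner over both files side by side shows which of its findings are keyed on the dangerous sink alone and which also consider the sanitisation on the path to it.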

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/brettbergin/adversary-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server