Provides containerization for the MCP server deployment, with network configuration to connect services
Used as the HTTP interface for the MCP server, handling incoming requests and providing the API endpoints
Provides the locally running LLM that interprets natural language queries and determines whether to route them to SQL or shell commands
Serves as the persistent database for the MCP server, storing data that can be queried via SQL
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Vulnerable MCP Server show me all user records from the database"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Vulnerable MCP Server
This project is an intentionally vulnerable MCP (Model Context Protocol) app, designed for security research.
DO NOT use in production environments.
It executes raw SQL and system commands with no authentication or restrictions.
⚙️ MCP SERVER
A command execution server that combines:
FastAPI for the HTTP interface
SQLite as a persistent database
Ollama LLM to interpret natural language queries
JSON-RPC as the main API protocol
This system routes natural language input to either SQL queries or shell commands, using a locally running LLM via Ollama.
Built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities via FastAPI, JSON-RPC, and LLM-based decision logic.
⚙️ WARNING: Security Notice
This app is intentionally insecure:
❗ No authentication or access control
❗ Accepts and executes raw SQL queries and shell commands
❗ No input validation
❗ LLM responses are blindly executed
Use only in isolated environments, CTFs, or research labs.
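For defensive comparison, the following added example (not code from this project) sketches the gate a hardened variant would place between the LLM's routing decision and execution: SQLite's authorizer callback rejects anything but reads of allowlisted tables, and shell routes are limited to an argument-free allowlist run without a shell. The decision format, the `users` table, the allowlists and all function names are assumptions made for illustration.

```python
import shlex
import sqlite3
import subprocess

# Assumption: the router LLM yields {"type": "sql" | "shell", "command": "<text>"}.
ALLOWED_TABLES = {"users"}             # constructed table name
ALLOWED_BINARIES = {"date", "uptime"}  # hypothetical allowlist, no arguments accepted


def authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite for each operation while a statement is compiled."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, DDL, ATTACH, PRAGMA, other tables


def validate_shell(command):
    """Return argv for an allowlisted, argument-free command or raise."""
    argv = shlex.split(command)
    if len(argv) != 1 or argv[0] not in ALLOWED_BINARIES:
        raise PermissionError(f"shell command rejected: {command!r}")
    return argv


def dispatch(conn, decision):
    """Execute an LLM routing decision only after it passes the gate."""
    kind, command = decision.get("type"), decision.get("command", "")
    if kind == "sql":
        try:
            return conn.execute(command).fetchall()
        except sqlite3.DatabaseError as exc:
            raise PermissionError(f"SQL rejected: {exc}") from exc
    if kind == "shell":
        argv = validate_shell(command)  # argv list, so no shell parses the text
        return subprocess.run(argv, capture_output=True, text=True, timeout=5).stdout
    raise ValueError(f"unknown route: {kind!r}")


def make_demo_db():
    """Constructed sample data; the authorizer is installed after seeding."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice'), ('bob')")
    conn.commit()
    conn.set_authorizer(authorizer)
    return conn
```

Because the authorizer runs while the statement is compiled, a denied statement fails before any of it executes.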
⚙️ Features
LLM-based decision logic for command routing (SQL or CLI)
Native execution of SQL and terminal commands
Auto-initializing SQLite database with sample data
Simple, pluggable JSON-RPC methods
Vulnerable by design — suitable for offensive/defensive testing