Vulnerable MCP Server

by evrenyal

This project is an intentionally vulnerable MCP (Model Context Protocol) app, designed for security research.

DO NOT use in production environments.
It executes raw SQL and system commands with no authentication or restrictions.


⚙️ MCP SERVER

A command execution server that combines:

  • FastAPI for the HTTP interface
  • SQLite as a persistent database
  • Ollama LLM to interpret natural language queries
  • JSON-RPC as the main API protocol

This system routes natural language input to either SQL queries or shell commands, using a locally running LLM via Ollama.

Built to test SQL Injection (SQLi) and Remote Code Execution (RCE) vulnerabilities via FastAPI, JSON-RPC, and LLM-based decision logic.


⚙️ WARNING: Security Notice

This app is intentionally insecure:

  • ❗ No authentication or access control
  • ❗ Accepts and executes raw SQL queries and shell commands
  • ❗ No input validation
  • ❗ LLM responses are blindly executed

Use only in isolated environments, CTFs, or research labs.
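
For contrast with the last bullet above ("LLM responses are blindly executed"), here is an added example, not code from this project, of a dispatcher that treats the model's routing decision as untrusted input. SQL runs under a SQLite authorizer that permits only SELECTs on allowlisted tables, and the CLI route resolves a name to a fixed argv instead of running model text. The table names, CLI action names and the shape of the decision dict are assumptions.

```python
import sqlite3
import subprocess
import sys

# Assumptions (not from the project): table names, CLI action names, and the
# {"type": ..., "command": ...} shape of the LLM's routing decision.
READABLE_TABLES = {"users"}
CLI_ACTIONS = {"python_version": [sys.executable, "--version"]}

def _authorizer(action, arg1, arg2, db_name, source):
    """Permit plain SELECTs that read allowlisted tables; deny everything else."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in READABLE_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, DDL, PRAGMA, ATTACH, SQL functions

def open_db():
    """Seed a constructed in-memory database, then install the authorizer."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER, name TEXT);"
        "CREATE TABLE secrets(token TEXT);"
        "INSERT INTO users VALUES (1, 'alice');"
        "INSERT INTO secrets VALUES ('constructed-token');"
    )
    conn.set_authorizer(_authorizer)
    return conn

def dispatch(conn, decision):
    """Execute an LLM routing decision without trusting its text."""
    kind, command = decision.get("type"), decision.get("command")
    if not isinstance(command, str):
        raise PermissionError("malformed decision")
    if kind == "sql":
        try:
            # execute() accepts a single statement, so stacked queries fail too.
            return conn.execute(command).fetchall()
        except (sqlite3.Error, sqlite3.Warning) as exc:
            raise PermissionError(f"SQL rejected: {exc}") from None
    if kind == "cli":
        argv = CLI_ACTIONS.get(command)  # the model picks a name, never a command line
        if argv is None:
            raise PermissionError("CLI action not allowlisted")
        done = subprocess.run(argv, capture_output=True, text=True, timeout=5)
        return done.stdout.strip()
    raise PermissionError("unknown route")
```

Because the authorizer also denies SQL functions, aggregate queries such as count(*) are rejected until the callback is extended to allow them.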


⚙️ Features

  • LLM-based decision logic for command routing (SQL or CLI)
  • Native execution of SQL and terminal commands
  • Auto-initializing SQLite database with sample data
  • Simple, pluggable JSON-RPC methods
  • Vulnerable by design — suitable for offensive/defensive testing

⚙️ Installation

    git clone https://github.com/your-repo/mcp-vulnerable-app.git
    cd mcp-vulnerable-app
    docker-compose up --build
    docker network connect mcplab ollama
    docker network connect mcplab mcp_internal
    docker network connect mcplab mcp_remote

security: - (not tested)
license: F (not found)
quality: - (not tested)

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Intentionally vulnerable Model Context Protocol (MCP) server designed for security research that processes natural language queries through an LLM to execute SQL queries or shell commands without restrictions.
