- Home
- MCP servers
- Vuln
Vuln
- python
4
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"kenhuangus-mcp-vulnerable-server-demo": {
"command": "python",
"args": [
"vuln-mcp.py"
]
}
}
}You run a minimal MCP server that exposes a set of tools for managing records and environment data. This educational server helps you see how insecure tools can be misused, and it guides you through safer, hardened patterns for real deployments.
How to use
You interact with the vulnerable MCP server by running a local server process and then connecting to it with a dedicated MCP client. In this setup, you start the server and then use a good client to insert and query records, or switch to an attack client to observe how vulnerabilities can be exploited. The interaction flow is focused on practical demonstrations of insert, query, and environment access tools.
How to install
Prerequisites you need before starting:
Install the required Python dependencies using the provided requirements file.
pip install -r requirements.txt
Additional notes and steps
To run the server and interact with it, follow this practical flow. First start the server script using Python, then connect with the good client to perform normal operations, or use the attack client to observe exploit behavior.
Available tools
insert_record
Inserts a name/address record into the database. This tool is vulnerable to SQL injection due to direct string interpolation of user input.
query_records
Lists all records in the database. This tool exposes data without authentication or access control.
execute_sql
Executes arbitrary SQL queries provided by the client. This tool can run any SQL command, including destructive ones.
get_env_variable
Returns the value of any environment variable requested. This tool can leak sensitive data such as secrets or API keys.