Demonstrates a vulnerable Model Context Protocol server with tools for inserting and querying records, executing arbitrary SQL, and accessing environment variables, highlighting critical security flaws like SQL injection, unauthorized data exposure, and lack of access control for educational purposes.
This project demonstrates a vulnerable MCP server and two clients: a well-behaved client and a proof-of-concept attack client. It is intended for educational purposes, to show how security vulnerabilities arise in the tools an MCP server exposes.
Files:
vuln-mcp.py: Vulnerable MCP server exposing insecure tools.
good-mcp-client.py: Regular client for normal interactions (insert/query records).
attack-mcp-client.py: Automated attack client that demonstrates exploitation of the server's vulnerabilities.
requirements.txt: Python dependencies for the project.

Install the dependencies:
pip install -r requirements.txt
In one terminal:
python good-mcp-client.py vuln-mcp.py
Follow the prompts to insert/query records interactively.
In another terminal:
python attack-mcp-client.py vuln-mcp.py
This will automatically:
The server exposes two dangerous tools:
execute_sql: lets any caller run arbitrary SQL against the server's database, including reading, altering or destroying data.
get_env_variable: lets any caller read the server process's environment, including secrets and configuration values.

To secure a real-world MCP server, you should:
Use parameterized queries for all database access, so that tool arguments are bound as data rather than spliced into SQL text, for example:
cursor.execute("INSERT INTO records (name, address) VALUES (?, ?)", (name, address))
Remove, or tightly restrict, dangerous tools such as execute_sql and get_env_variable.

This project is for educational and demonstration purposes only. Do not deploy this code in production environments.
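The two remediation points above, as an added example that is not code from this project: the query and environment tools in a deliberately vulnerable form next to a hardened form, run against an in-memory SQLite database so the injection is visible, plus a tool registry that never registers execute_sql or get_env_variable at all. Plain functions stand in for MCP tool handlers so the block runs without the MCP SDK; the table names, the READABLE_ENV allowlist, the sample rows and the injection payload are all constructed for the example.

```python
import os
import sqlite3

# Constructed sample data: a records table like the one the demo clients write to,
# plus a second table standing in for data a caller must never be able to read.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT, address TEXT)")
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.execute("INSERT INTO records (name, address) VALUES ('alice', '1 Main St')")
    conn.execute("INSERT INTO secrets VALUES ('constructed-sample-token')")
    conn.commit()
    return conn

# --- Vulnerable handlers: the pattern the demo server illustrates ---

def query_records_vulnerable(conn, name):
    # The tool argument is spliced into the SQL text, so the caller controls the query.
    sql = f"SELECT name, address FROM records WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def get_env_variable_vulnerable(name, env=None):
    # Hands back any variable the server process can see, credentials included.
    env = os.environ if env is None else env
    return env.get(name)

# --- Hardened equivalents ---

def query_records_safe(conn, name):
    # Placeholder binding: the driver passes `name` as data, never as SQL.
    return conn.execute(
        "SELECT name, address FROM records WHERE name = ?", (name,)
    ).fetchall()

def insert_record_safe(conn, name, address):
    cur = conn.execute(
        "INSERT INTO records (name, address) VALUES (?, ?)", (name, address)
    )
    conn.commit()
    return cur.lastrowid

# Assumed allowlist: the only settings a tool is permitted to read back.
READABLE_ENV = {"APP_MODE", "LOG_LEVEL"}

def get_env_variable_safe(name, env=None):
    env = os.environ if env is None else env
    if name not in READABLE_ENV:
        raise PermissionError(f"environment variable not exposed: {name}")
    return env.get(name)

# Least privilege at the registry: only the two business tools exist, so
# execute_sql and get_env_variable are not there to be called.
def build_tool_registry(conn):
    return {
        "insert_record": lambda name, address: insert_record_safe(conn, name, address),
        "query_records": lambda name: query_records_safe(conn, name),
    }

def call_tool(registry, tool, **kwargs):
    if tool not in registry:
        raise PermissionError(f"unknown or disallowed tool: {tool}")
    return registry[tool](**kwargs)

# Constructed payload of the kind an attacking client would send as the `name` argument:
# closes the string literal, UNIONs in the secrets table, comments out the rest.
INJECTION = "x' UNION SELECT token, 'leaked' FROM secrets --"

if __name__ == "__main__":
    conn = make_db()
    print(query_records_vulnerable(conn, INJECTION))  # secrets table contents leak
    print(query_records_safe(conn, INJECTION))        # []: payload treated as a literal name
    registry = build_tool_registry(conn)
    try:
        call_tool(registry, "execute_sql", sql="DROP TABLE records")
    except PermissionError as exc:
        print(exc)
```

The hardened query is not "escaped" input; the SQL text is fixed at write time and the driver binds the value separately, which is the property that defeats injection regardless of payload. The registry check matters for the same reason: a tool that is not registered cannot be reached by prompt injection or by a malicious client, whereas a registered execute_sql tool with a warning in its description still can.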
For questions or further improvements, please open an issue or contact the project maintainer.