Home
MCP Servers
Eliran79
Vulnerable-file-reader-server

Vulnerable-file-reader-server

3.2

If you are the rightful owner of Vulnerable-file-reader-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

This repository demonstrates a critical command injection vulnerability in a Python MCP server implementation.

The Model Context Protocol (MCP) server in this repository is designed to read files from a specified directory. However, it contains a command injection vulnerability in the `read_file` function. This vulnerability arises from the use of `shell=True` in the `subprocess.check_output` call, which allows attackers to execute arbitrary shell commands by manipulating the file path parameter. The server is intended for educational purposes to highlight the risks associated with improper input handling and command execution in Python applications. Users are advised to never use this code in production environments.

Features

Demonstrates command injection vulnerability
Educational tool for understanding security flaws
Includes setup and exploitation instructions
Provides examples of command injection payloads
Offers guidance on secure coding practices

Related MCP Servers

View all security servers →

better-auth-mcp-server

by nahmanmate

MCP Server for Authentication Management

gateway

by centralmind

CentralMind Gateway is a tool designed to expose databases to AI agents via MCP or OpenAPI protocols, providing secure, LLM-optimized APIs.

ida-pro-mcp

by mrexodia

Simple MCP Server to allow vibe reversing in IDA Pro.

developer_tools

enrichmcp

by featureform

MCPEngine is a production-grade, HTTP-first implementation of the Model Context Protocol (MCP), providing a secure, scalable, and modern framework for exposing data, tools, and prompts to Large Language Models (LLMs) via MCP.

developer_tools

osv-mcp

by StacklokLabs

An MCP server providing access to the OSV database for querying vulnerability information.

ida-mcp-server-plugin

by taida957789

IDA Pro MCP Server is a plugin that allows remote querying and control of IDA Pro through the Model Context Protocol (MCP) interface.

developer_tools

WireMCP

by 0xKoda

WireMCP is a Model Context Protocol server that enhances Large Language Models with real-time network traffic analysis capabilities using tools built on Wireshark's `tshark`.

MCP2Lambda

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms

jadx-mcp-server

by zinja-coder

JADX-MCP-SERVER is a fully automated MCP server designed to work with the JADX-AI-MCP Plugin for analyzing Android APKs using LLMs like Claude.

mcp-virustotal

by BurtTheCoder

The VirusTotal MCP Server is a Model Context Protocol server designed for querying the VirusTotal API, providing comprehensive security analysis tools with automatic relationship data fetching.

remote-mcp-functions-dotnet

by Azure-Samples

This document provides a quickstart guide to building and deploying a remote Model Context Protocol (MCP) server using Azure Functions with .NET/C#.

cloud_platforms

mcp-shodan

by BurtTheCoder

A Model Context Protocol (MCP) server for querying the Shodan API and Shodan CVEDB, providing access to network intelligence and security services.

VibeShift

by GroundNG

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants, acting as an automated security engineer to analyze code, identify vulnerabilities, and facilitate AI-driven remediation.

Snyk

by snyk

MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.

roadrecon_mcp_server

by atomicchonk

The ROADrecon MCP Server provides AI assistants like Claude with access to ROADRecon Azure AD data for security analysis.

aws-security-mcp

by groovyBugify

AWS Security MCP is a Model Context Protocol server that allows AI assistants to autonomously inspect and analyze AWS infrastructure for security issues.

MetasploitMCP

by GH05TCREW

This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform.

GhidraMCP

by 13bm

A Ghidra plugin that implements the Model Context Protocol (MCP) for AI-assisted binary analysis.

developer_tools

Wazuh-MCP-Server

by gensecaihq

Wazuh MCP Server is an AI-powered security operations platform that integrates conversational AI with traditional SIEM operations.

vercel-mcp-server

by Quegenx

A powerful Model Context Protocol (MCP) server for managing Vercel deployments with comprehensive features.

cloud_platforms

mcp_zoomeye

by zoomeye-ai

A Model Context Protocol (MCP) server that provides network asset information based on query conditions.

research_and_data

ExternalAttacker-MCP

by MorDavid

ExternalAttacker is a Model Context Protocol (MCP) server designed for external attack surface management, integrating automated scanning with a natural language interface.

chucknorris

by pollinations

The C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP Server is a tool designed to enhance LLMs using specialized prompts and dynamic schema adaptation, primarily for security research.

shodan-mcp-server

by Cyreslab-AI

A Model Context Protocol (MCP) server that provides access to Shodan API functionality and CVE database, allowing AI assistants to query information about internet-connected devices, services, and vulnerabilities.

research_and_data

mcp-security-audit

by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities.

cve-search_mcp

by roadwy

A Model Context Protocol (MCP) server for querying the CVE-Search API, providing access to CVE data, vendor and product browsing, and more.

volatility-mcp

by Gaffx

Volatility MCP integrates Volatility 3 with FastAPI and MCP for seamless memory forensics.