Saroj-Shandiliya/Vulnerable-MCP_Server
If you are the rightful owner of Vulnerable-MCP_Server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
This document provides a structured summary of a Model Context Protocol (MCP) server designed for educational purposes, highlighting its vulnerabilities and features.
Tools
Functions exposed to the LLM to take actions
get_user_details
Vulnerable to SQL injection, allowing database access.
cleanup_logs
Allows command injection for arbitrary command execution.
debug_access
Hidden tool not listed in listTools, simulating shadow functionality.
submit_feedback
Simulates data exfiltration to an external server.
configure_server
Allows unauthenticated server configuration changes.
Prompts
Interactive templates invoked by user choice
No prompts
Resources
Contextual data attached and managed by the client