Command Injection Vulnerability in MCP File Reader

Created at 7 months ago

by Eliran79

A deliberately vulnerable MCP server demonstrating command injection flaws. This Python implementation shows how lack of input sanitization in file paths leads to critical security vulnerabilities allowing attackers to execute arbitrary commands. For educational purposes only - demonstrates both the vulnerability and proper security practices.

What is the Vulnerable File Reader Server?

The Vulnerable File Reader Server is a Python implementation that demonstrates a critical command injection vulnerability in a Model Context Protocol (MCP) server. It showcases how improper input sanitization in file paths can lead to severe security flaws, allowing attackers to execute arbitrary commands on the host system.

How to use the Vulnerable File Reader Server?

To use the server, clone the repository, install the necessary dependencies, configure the MCP server, and run it in development mode. You can then connect to the server using the MCP Inspector to test the vulnerability.

Key features of the Vulnerable File Reader Server?

Demonstrates command injection vulnerabilities in a controlled environment.
Provides examples of exploitation techniques.
Includes proper security practices to mitigate such vulnerabilities.

Use cases of the Vulnerable File Reader Server?

Educational purposes for security training and awareness.
Testing and demonstrating command injection vulnerabilities.
Learning how to implement secure coding practices.

FAQ from the Vulnerable File Reader Server?

Is this server safe to use in production?

No! This implementation contains deliberate vulnerabilities and should only be used for educational purposes.

What programming language is used?

The server is implemented in Python.

How can I fix the vulnerabilities demonstrated?

Avoid using shell=True with user input and implement proper input validation.

Context7

upstash

Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors

7 months ago

Qiniu MCP Server

Qiniu

基于七牛云产品构建的 Model Context Protocol (MCP) Server，支持用户在 AI 大模型客户端的上下文中通过该 MCP Server 来访问七牛云存储资源、利用 Dora 服务进行图片操作等。如果有什么需求欢迎在下方评论，您也可以在 github 仓库中提 issue。

8 months ago

DeepChat

ThinkInAI

Your AI Partner on Desktop

8 months ago

GitLab

modelcontextprotocol

GitLab API, enabling project management

a year ago

Redis

modelcontextprotocol

A Model Context Protocol server that provides access to Redis databases. This server enables LLMs to interact with Redis key-value stores through a set of standardized tools.

9 months ago

MCP Server for Milvus

zilliztech

The Milvus MCP server enables AI applications to interact with Milvus vector databases using natural language commands. It allows AI models to perform vector searches, manage collections, and retrieve data without writing custom database queries. This integration facilitates seamless access to vector data, enhancing the capabilities of AI tools like Claude Desktop and Cursor.

8 months ago

ChatWise

EGOIST

The second fastest AI chatbot™

8 months ago

Framelink Figma MCP Server

GLips

MCP server to provide Figma layout information to AI coding agents like Cursor

10 months ago

Tavily Mcp

tavily-ai

8 months ago

Serper MCP Server

garymengcom

A Serper MCP Server

8 months ago

MCP Playground

chatmcp

Call MCP Server Tools Online

8 months ago

Aws Kb Retrieval Server

modelcontextprotocol

An MCP server implementation for retrieving information from the AWS Knowledge Base using the Bedrock Agent Runtime.

9 months ago

PostgreSQL

modelcontextprotocol

Read-only database access with schema inspection

a year ago

302_sandbox_mcp

302ai

Create a remote sandbox that can execute code/run commands/upload and download files. 创建远程沙盒，可以执行代码/运行命令/上传下载文件

8 months ago

Puppeteer

modelcontextprotocol

Browser automation and web scraping

a year ago

Howtocook Mcp

worryzyy

基于Anduin2017 / HowToCook （程序员在家做饭指南）的mcp server，帮你推荐菜谱、规划膳食，解决“今天吃什么“的世纪难题； Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"

7 months ago

Baidu Map

baidu-maps

百度地图核心API现已全面兼容MCP协议，是国内首家兼容MCP协议的地图服务商。

8 months ago

Cherry Studio

CherryHQ

🍒 Cherry Studio is a desktop client that supports for multiple LLM providers.

9 months ago

Cursor

The AI Code Editor

8 months ago

Sequential Thinking

modelcontextprotocol

An MCP server implementation that provides a tool for dynamic and reflective problem-solving through a structured thinking process.

9 months ago

AgentQL MCP Server

tinyfish-io

Model Context Protocol server that integrates AgentQL's data extraction capabilities.

9 months ago

Continue

continuedev

⏩ Create, share, and use custom AI code assistants with our open-source IDE extensions and hub of models, rules, prompts, docs, and other building blocks

9 months ago

y-cli 🚀

luohy15

A Tiny Terminal Chat App for AI Models with MCP Client Support

9 months ago

mcp-server-flomo MCP Server

chatmcp

Write notes to Flomo

a year ago

Cline – #1 on OpenRouter

cline

Autonomous coding agent right in your IDE, capable of creating/editing files, executing commands, using the browser, and more with your permission every step of the way.

9 months ago

Aiimagemultistyle

codecraftm

A Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.

6 months ago

Perplexity Ask MCP Server

ppl-ai

A Model Context Protocol Server connector for Perplexity API, to enable web search without leaving the MCP ecosystem.

9 months ago

Roo Code (prev. Roo Cline)

RooVetGit

Roo Code (prev. Roo Cline) gives you a whole dev team of AI agents in your code editor.

9 months ago

Zhipu Web Search

BigModel

Zhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.

7 months ago

Time

modelcontextprotocol

A Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.

9 months ago

Filesystem

Secure file operations with configurable access controls

a year ago

Playwright Mcp

microsoft

Playwright MCP server

8 months ago

Mailtrap Email Sending MCP

Mailtrap

An MCP server that provides a tool for sending transactional emails via Mailtrap

8 months ago

Blender

ahujasid

BlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.

9 months ago

MiniMax MCP

MiniMax-AI

Official MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.

8 months ago

Firecrawl Mcp Server

mendableai

Official Firecrawl MCP Server - Adds powerful web scraping to Cursor, Claude and any other LLM clients.

10 months ago

A Sleek AI Assistant & MCP Client

nanbingxyz

5ire is a cross-platform desktop AI assistant, MCP client. It compatible with major service providers, supports local knowledge base and tools via model context protocol servers .

10 months ago

Windsurf

Codeium

The new purpose-built IDE to harness magic

8 months ago

Search1API

One API for Search, Crawling, and Sitemaps

a year ago

HyperChat

BigSweetPotatoStudio

HyperChat is a Chat client that strives for openness, utilizing APIs from various LLMs to achieve the best Chat experience, as well as implementing productivity tools through the MCP protocol.

9 months ago

MCP Advisor

istarwyh

MCP Advisor & Installation - Use the right MCP server for your needs

7 months ago

302_browser_use_mcp

302ai

Automatically create a remote browser to complete your specified tasks, developed based on Browser Use + Sandbox. 自动创建一个远程浏览器，完成你指定的任务，基于Browser Use + Sandbox开发。

8 months ago

Sentry

modelcontextprotocol

Retrieving and analyzing issues from Sentry.io

a year ago

EdgeOne Pages MCP

TencentEdgeOne

An MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.

8 months ago

Lutra

lutra

Lutra is the first MCP compatible client built for everyone

8 months ago

Jina AI MCP Tools

PsychArch

A Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.

8 months ago

Visual Studio Code - Open Source ("Code - OSS")

microsoft

Visual Studio Code

8 months ago

Amap Maps

amap

高德地图官方 MCP Server

8 months ago

Y Gui

luohy15

A web-based graphical interface for AI chat interactions with support for multiple AI models and MCP (Model Context Protocol) servers.

9 months ago

EverArt

modelcontextprotocol

AI image generation using various models

a year ago