DVMS

DVMS

Damn Vulnerable MCP Server -- A deliberately insecure MCP server for security testing

DO NOT deploy in production

This server contains intentional security vulnerabilities covering all 10 MCP attack categories. It is designed for security testing, education, and scanner validation only.

Total

Pass

Fail

Time

Vulnerabilities

ID	Vulnerability	Severity	OWASP MCP
MCP-001	No authentication on any endpoint	Critical	MCP-07
MCP-002	Tool definition tampering (rug pull)	Critical	MCP-01
MCP-003	Command injection via tool arguments	Critical	MCP-04
MCP-004	No input validation	High	MCP-04
MCP-005	SSRF via resources/read	Critical	MCP-06
MCP-006	Data exfiltration (no response limits)	High	MCP-06
MCP-007	Replay attacks (no nonce/timestamp)	High	MCP-08
MCP-008	No rate limiting	Medium	MCP-09
MCP-009	Privilege escalation via sampling	Critical	MCP-03
MCP-010	Sensitive tools exposed	High	MCP-09

Vulnerability

Severity

OWASP MCP

MCP-001

No authentication on any endpoint

Critical

MCP-07

MCP-002

Tool definition tampering (rug pull)

Critical

MCP-01

MCP-003

Command injection via tool arguments

Critical

MCP-04

MCP-004

No input validation

High

MCP-04

MCP-005

SSRF via resources/read

Critical

MCP-06

MCP-006

Data exfiltration (no response limits)

High

MCP-06

MCP-007

Replay attacks (no nonce/timestamp)

High

MCP-08

MCP-008

No rate limiting

Medium

MCP-09

MCP-009

Privilege escalation via sampling

Critical

MCP-03

MCP-010

Sensitive tools exposed

High

MCP-09

Tools Exposed

Tool	Risk	What it does
run_command	Critical	Executes arbitrary shell commands
search_files	Critical	Command injection via find pattern
fetch_url	Critical	SSRF -- fetches any URL server-side
read_file	Critical	Reads any file (path traversal)
write_file	Critical	Writes to any file
query_database	Critical	SQL injection vector
list_processes	High	Exposes running processes
get_env_vars	Critical	Leaks all environment variables
admin_panel	Critical	Unauthenticated admin access
get_weather	Medium	Safe tool (rug pull target)

Tool

Risk

What it does

run_command

Critical

Executes arbitrary shell commands

search_files

Critical

Command injection via find pattern

fetch_url

Critical

SSRF -- fetches any URL server-side

read_file

Critical

Reads any file (path traversal)

write_file

Critical

Writes to any file

query_database

Critical

SQL injection vector

list_processes

High

Exposes running processes

get_env_vars

Critical

Leaks all environment variables

admin_panel

Critical

Unauthenticated admin access

get_weather

Medium

Safe tool (rug pull target)

Test It

Initialize

curl -X POST {URL}/mcp -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"initialize","id":1,"params":{"clientInfo":{"name":"test"}}}'

List Tools

curl -X POST {URL}/mcp -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":2}'

Command Injection

curl -X POST {URL}/mcp -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/call","id":3,"params":{"name":"run_command","arguments":{"command":"whoami"}}}'

Read /etc/passwd

curl -X POST {URL}/mcp -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/call","id":4,"params":{"name":"read_file","arguments":{"path":"/etc/passwd"}}}'

Run Locally

Docker

docker pull cybersecai/dvmcp
docker run -p 3001:3001 cybersecai/dvmcp

Then visit http://localhost:3001

DO NOT deploy in production

Vulnerabilities

Tools Exposed

Test It

Initialize

List Tools

Command Injection

Read /etc/passwd

Run Locally

Docker

References