netanelgilad/remote-mcp-server
highNo description
MCP server (purpose undetermined)
47this.server.tool("Query Products", "Query products for a wix site", { siteId: z.string() }, async (args) => {
48 const siteTokenResponse = await fetch("https://www.wixapis.com/oauth2/token", {
49 method: "POST",
50 headers: {
51 "Content-Type": "application/json",
52 },
53 body: JSON.stringify({
54 clientId: env.WIX_CLIENT_ID,
55 grantType: "refresh_token",
56 refreshToken: this.props.refreshToken as string,
57 siteId: args.siteId
58 })
59 });
60 ...
61 const siteTokenData = await siteTokenResponse.json() as WixTokenResponse;
62 const siteAccessToken = siteTokenData.access_token;
63 const products = await fetch(`https://www.wixapis.com/stores/v1/products/query`, {
64 method: "POST",
65 headers: {
66 "Content-Type": "application/json",
67 "Authorization": siteAccessToken as string,
68 },
69 body: JSON.stringify({
70 includeVariants: true
71 })
72 })
73 const result = await products.json();
74 return {
75 content: [{
76 type: "text",
77 text: JSON.stringify(result)
78 }]
79 }
80})// Exploitable if MCP is exposed to untrusted prompts (network_exposed) or if LLM is compromised (local_only).
The 'Query Products' tool obtains a site-specific access token using the refresh token and then uses it to query products. The full API response is returned to the LLM without sanitization, potentially exposing the site access token or other sensitive data.
ImpactAn attacker controlling the LLM could extract site-specific access tokens from the response, leading to unauthorized access to Wix site data.
FixSanitize the API response to remove any sensitive fields before returning it to the LLM.
22this.server.tool("list sites", "List all sites for the current user", async () => {
23 const sites = await fetch("https://www.wixapis.com/site-list/v2/sites/query", {
24 method: "POST",
25 headers: {
26 "Content-Type": "application/json",
27 "Accept": "application/json, text/plain, */*",
28 "Authorization": this.props.accessToken as string,
29 },
30 body: JSON.stringify({
31 query: {
32 "cursorPaging": {"limit": 50}
33 }
34 })
35 })
36 const result = await sites.json();
37 return {
38 content: [{
39 type: "text",
40 text: JSON.stringify(result)
41 }]
42 }
43});// Exploitable if MCP is exposed to untrusted prompts (network_exposed) or if LLM is compromised (local_only).
The 'list sites' tool returns the full JSON response from the Wix API, which may include the access token or other sensitive information in the response body. The tool does not sanitize the response before returning it to the LLM, potentially leaking credentials.
ImpactAn attacker controlling the LLM could extract access tokens from the API response, leading to unauthorized access to the Wix account.
FixSanitize the API response to remove any sensitive fields (e.g., access_token, refresh_token) before returning it to the LLM.
47this.server.tool("Query Products", "Query products for a wix site", { siteId: z.string() }, async (args) => {
48 const siteTokenResponse = await fetch("https://www.wixapis.com/oauth2/token", {
49 method: "POST",
50 headers: {
51 "Content-Type": "application/json",
52 },
53 body: JSON.stringify({
54 clientId: env.WIX_CLIENT_ID,
55 grantType: "refresh_token",
56 refreshToken: this.props.refreshToken as string,
57 siteId: args.siteId
58 })
59 });// Exploitable if MCP is exposed to untrusted prompts (network_exposed) or if LLM is compromised (local_only).
The 'siteId' parameter is only validated as a string via Zod, but there is no validation that it is a valid Wix site ID. An attacker could provide an arbitrary string, potentially causing the server to make requests to unintended endpoints or leak information through error messages.
ImpactAn attacker could potentially enumerate valid site IDs or cause the server to make requests with malformed site IDs, leading to information disclosure or denial of service.
FixAdd validation to ensure siteId matches expected format (e.g., UUID or alphanumeric pattern).