Krystofee/remote-mcp-server-authless

high

No description

This MCP server provides a set of tools for shipping tracking, ticket management, refund processing, and company information retrieval, designed to be...

purpose: This MCP server provides a set of tools for shippi...
threat: network exposed
TypeScript | 0 | May 20, 2026 | May 20, 2026 | GITHUB
5/20/2026
high: 1 finding
src/index.ts
this.server.tool("trackShipping", { shippingNumber: z.string() }, async ({ shippingNumber }) => {
  if (shippingNumber === "60151253469") {
    const tracking = {
      shippingNumber: "60151253469",
      carrier: "Packeta",
      status: "Delivered",
      ...
    };
    return textResult(tracking);
  }
  ...
});
src/index.ts:1-3

// Exploitable by any network attacker since the MCP server is exposed without authentication.

The tools trackShipping, getTicketState, refund, and getCompanyInfo return hardcoded data that includes personal information (names, emails, phone numbers), financial details (invoices, billing amounts), and internal system identifiers. Although the data is hardcoded, it is exposed to any user who can invoke these tools, and the server is deployed without authentication on Cloudflare Workers (network_exposed). This constitutes an information disclosure beyond the documented purpose of providing demo data, as the data appears to be real or realistic sensitive information.

Impact: An attacker can retrieve personal data (customer names, emails, phone numbers), financial records (invoices, billing history), and internal system details (user lists, subscription statuses) without any authentication. This could lead to privacy violations, identity theft, or competitive intelligence gathering.

Fix: Replace hardcoded sensitive data with anonymized or synthetic demo data that does not resemble real individuals or companies. Alternatively, require authentication before exposing any data. Ensure that no real personal or financial information is embedded in the source code.

high: 1 finding
src/index.ts
this.server.tool("trackShipping", { shippingNumber: z.string() }, async ({ shippingNumber }) => {
  if (shippingNumber === "60151253469") {
    ...
  }
  return { content: [{ type: "text", text: `No tracking found for shipping number "${shippingNumber}".` }] };
});
src/index.ts:1-3

// Exploitable by any network attacker; low severity due to limited impact but still a finding.

All tools accept string parameters (shippingNumber, ticketNumber, company) with only basic type validation via Zod (z.string()). There is no validation of length, format, or allowed characters. While the tools only return hardcoded data for specific inputs, they reflect the user-supplied input back in error messages without sanitization. This could be used for prompt injection or log injection, and the lack of input constraints means the tools accept arbitrarily large or malformed inputs, potentially leading to resource exhaustion or injection into downstream logs.

Impact: An attacker could inject special characters or long strings into error messages, potentially polluting logs or triggering injection attacks in log viewers. Additionally, the lack of input size limits could be used for denial-of-service by sending extremely long strings.

Fix: Add input validation to restrict string lengths and allowed characters (e.g., alphanumeric and hyphens for shipping numbers). Sanitize or encode user input before reflecting it in responses.

shell.exec | auth.none | network.http | aws.integration
50
LLM-based
high findings: +50