Command & Code Injection
Execution of arbitrary commands and code through MCP vulnerabilities, enabling attackers to compromise systems and execute unauthorized operations.
Overview
Command and code injection attacks exploit insufficient input validation and unsafe execution practices in MCP servers to execute arbitrary commands and code on target systems.
Attack Techniques
Command Injection
Execution of arbitrary system commands through unsanitized input passed to MCP tools.
SQL Injection
Injection of malicious SQL queries through MCP database tools.
OS Command Injection
Execution of operating system commands through vulnerable MCP server implementations.
Code Injection
Injection of malicious code that is executed within the MCP server environment.
Shell Command Execution
Direct execution of shell commands through poorly secured MCP tools.
Output Prompt Injection
Injection of malicious prompts through tool output, including font-based injection and invisible characters.
Malicious Output Composition
Embedding LLM-influencing replies within tool output to manipulate subsequent AI behavior.
Impact Assessment
- Severity: High to Critical
- Likelihood: Medium to High
- Detection Difficulty: Medium
Common Indicators
- Unexpected system command execution
- Unusual process spawning
- Anomalous database queries
- Suspicious code execution patterns
- Unauthorized system access
General Mitigation Strategies
- Input Validation: Implement comprehensive input sanitization
- Parameterized Queries: Use prepared statements for database access
- Sandboxing: Execute code in isolated environments
- Command Filtering: Restrict allowed commands and operations
- Principle of Least Privilege: Limit execution permissions
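The following is an added example, not code from the page or from any MCP SDK, of what the Input Validation, Parameterized Queries and Command Filtering items above look like in a tool handler. It assumes a hypothetical workspace directory and a hypothetical `users` table; the tool accepts a user-supplied path and a username, and neither value is ever spliced into a shell string or an SQL string.

```python
"""Hardened MCP-style tool handlers (added example; WORKSPACE and the
users table are assumptions, not values from the page)."""
import sqlite3
import subprocess
from pathlib import Path

# Hypothetical directory the tool is permitted to operate on.
WORKSPACE = Path("/tmp/mcp-workspace").resolve()


def path_allowed(user_path: str) -> bool:
    """Input validation: the resolved path must stay inside WORKSPACE.
    resolve() collapses '..' and symlinks, so 'docs/../../etc' is caught."""
    candidate = (WORKSPACE / user_path).resolve()
    return candidate == WORKSPACE or WORKSPACE in candidate.parents


def build_list_command(user_path: str) -> list[str]:
    """Command filtering: a fixed program, fixed flags, and the user value
    as exactly one argv element. No shell is involved, so ';', '|' and
    '$(...)' in user_path are literal characters, not operators."""
    if not path_allowed(user_path):
        raise ValueError(f"path escapes workspace: {user_path!r}")
    return ["ls", "-l", str((WORKSPACE / user_path).resolve())]


def run_list(user_path: str) -> str:
    """Execute with shell=False (the default) and a timeout."""
    result = subprocess.run(build_list_command(user_path),
                            capture_output=True, text=True,
                            check=True, timeout=10)
    return result.stdout


def query_user(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Parameterized query: username is bound as data by the driver."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn
```

A string such as `docs; id` passed to `build_list_command` yields an argv of exactly three elements, which is the check a code review should look for; the SQL payload `' OR 1=1 --` matches no row because it is compared as a literal name.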
Detection Methods
- System call monitoring
- Process execution analysis
- Database query monitoring
- Code execution tracking
Related Resources
- Top 10 MCP Security Risks - Command Injection
- Hardening Guide - Runtime Isolation
- Operations Guide - Security Monitoring
This category contains 7 distinct attack techniques focused on code and command execution vulnerabilities in MCP systems.