Security: SQL Injection in create_table and describe_table #34

@8endit

Summary

mcpfuzz (dynamic security scanner for MCP servers) detected 2 CRITICAL SQL injection vulnerabilities and 1 HIGH error information leakage issue.

Affected Tools

| Severity | Tool | Pattern |
|----------|------|---------|
| CRITICAL | create_table | SQL Injection — tautology payload accepted |
| CRITICAL | describe_table | SQL Injection — UNION-based schema extraction |
| HIGH | append_insight | Error Information Leakage — internal error messages exposed |

Steps to Reproduce

SQL Injection on describe_table

{"name": "describe_table", "arguments": {"table_name": "test' UNION SELECT sql FROM sqlite_master WHERE type='table'--"}}

Response includes the injected SQL in the error message, confirming unsanitized input reaches the query layer.

SQL Injection on create_table

{"name": "create_table", "arguments": {"query": "' OR '1'='1"}}

Error Leakage on append_insight

{"name": "append_insight", "arguments": {"insight": "null"}}

Response: SQLITE_READONLY: attempt to write a readonly database — leaks internal database state information.

Impact

SQL injection in table operations allows an attacker (via prompt injection to the LLM) to:

  • Extract database schema via UNION-based injection
  • Potentially read/modify data in other tables
  • Enumerate database structure

Recommended Fix

  • Parameterize all SQL queries — never interpolate user input into SQL strings
  • Validate table_name against [a-zA-Z0-9_]+ pattern
  • Sanitize error messages to remove internal details

Environment

  • mcpfuzz v0.1.0
  • Server tested with SQLite backend (/tmp/test.db)
  • Tested in isolated Docker container (network=none, read-only filesystem)
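
The three points under Recommended Fix, applied to a describe_table handler, as an added example that is not part of the original report and not the affected project's code. It assumes a Python `sqlite3` backend; `ToolError`, `handle_call`, `demo_db` and the sample schema are hypothetical names constructed for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("mcp_sqlite_example")  # hypothetical logger name
IDENT = re.compile(r"[A-Za-z0-9_]+")           # allow-list from the recommended fix


class ToolError(Exception):
    """Error whose message is safe to return to the MCP client."""


def describe_table(conn: sqlite3.Connection, table_name) -> list[dict]:
    # 1. Allow-list validation; the rejected value is never echoed back.
    if not isinstance(table_name, str) or not IDENT.fullmatch(table_name):
        raise ToolError("invalid table name")
    try:
        # 2. The name is bound as a parameter, never interpolated into SQL.
        rows = conn.execute(
            "SELECT name, type, pk FROM pragma_table_info(?)", (table_name,)
        ).fetchall()
    except sqlite3.Error:
        # 3. Full detail goes to the server log, a generic message to the caller.
        log.exception("describe_table failed")
        raise ToolError("database error") from None
    if not rows:
        raise ToolError("table not found")
    return [{"name": n, "type": t, "pk": bool(p)} for n, t, p in rows]


def handle_call(conn: sqlite3.Connection, request: dict) -> dict:
    """Hypothetical dispatcher that turns a tool call into a client-facing result."""
    try:
        cols = describe_table(conn, request["arguments"].get("table_name"))
        return {"ok": True, "columns": cols}
    except ToolError as exc:
        return {"ok": False, "error": str(exc)}


def demo_db() -> sqlite3.Connection:
    # Constructed sample schema for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE secrets (token TEXT)")
    return conn
```

SQLite cannot bind identifiers in ordinary statements such as `CREATE TABLE`, so for those the allow-list check is the control that matters; `pragma_table_info(?)` is a table-valued function and accepts the name as a bound value.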
