Sonirico MCP-Shell Command Injection Vulnerability

A command injection vulnerability has been identified in Sonirico MCP-Shell version 0.3.1. This vulnerability allows attackers to execute arbitrary commands by bypassing existing security validations. The issue arises from the use of the 'shell_exec' function, which executes commands in a bash shell context, enabling the use of shell syntax to obfuscate and reconstruct prohibited commands. The vulnerability exploits flaws in the command validation process, which relies on keyword matching and can be easily circumvented.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where MCP-Shell is running, potentially leading to severe consequences depending on the commands executed.

Reproduction

To reproduce this vulnerability, send a request to a vulnerable MCP-Shell server using the 'tools/call' method. In the 'arguments' section, include a command that bypasses the 'validateCommand' checks by using shell features to obfuscate prohibited commands. For example, a command can be constructed to reconstruct and execute 'chmod' by splitting it into fragments and using command substitution.

Remediation

Users are advised to update to Sonirico MCP-Shell version 0.4.0 or later, where this vulnerability has been fixed.