Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/

Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research

Also don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.

Expires June 30, 2026.

====== This Week in Bug Bounty ======

Scaling Bug Bounty triage in the AI era

(https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai)

The AI impact: a triager’s perspective

https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective

====== Resources ======

Sling Selectors - The Key to Unlocking AEM's Attack Surface

https://greenjam.co.uk/blog/sling-selectors/

Just a Moment CTF

https://poc.greenjam.co.uk/just-a-moment.html

General XSS jquery .text()

https://poc.greenjam.co.uk/text-xss.html

URL XXS Challenge

https://poc.greenjam.co.uk/url-xss.html

====== Timestamps ======

(00:00:00) Introduction

(00:04:35) Background and AEM Bug

(00:17:40) Sling Selectors & the Tech Stack

(00:38:14) Permissions & Apache Sling Resolution

(01:01:37) The Bugs & AEM Red Flags

(01:31:55) Moment in Time CTF

(01:40:38) General XSS jquery .text()

(01:45:45) URL XXS Challenge