Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) - podcast episode cover

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

May 28, 20261 hr 51 minSeason 1Ep. 176
--:--
--:--
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/ 


Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/


Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research


Also don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.

Expires June 30, 2026. 


====== This Week in Bug Bounty ======

Scaling Bug Bounty triage in the AI era

(https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai)


The AI impact: a triager’s perspective

https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective


====== Resources ======

Sling Selectors - The Key to Unlocking AEM's Attack Surface

https://greenjam.co.uk/blog/sling-selectors/


Just a Moment CTF

https://poc.greenjam.co.uk/just-a-moment.html


General XSS jquery .text()

https://poc.greenjam.co.uk/text-xss.html


URL XXS Challenge

https://poc.greenjam.co.uk/url-xss.html


====== Timestamps ======

(00:00:00) Introduction

(00:04:35) Background and AEM Bug

(00:17:40) Sling Selectors & the Tech Stack

(00:38:14) Permissions & Apache Sling Resolution

(01:01:37) The Bugs & AEM Red Flags

(01:31:55) Moment in Time CTF

(01:40:38) General XSS jquery .text()

(01:45:45) URL XXS Challenge

For the best experience, listen in Metacast app for iOS or Android