Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive into AEM. We talk through Sling selectors, permissions, and how to spot AEM red flags.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/

Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research

Don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.
Expires June 30, 2026.

====== This Week in Bug Bounty ======
Scaling Bug Bounty triage in the AI era
(https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai)

The AI impact: a triager’s perspective
https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective

====== Resources ======
Sling Selectors - The Key to Unlocking AEM's Attack Surface
https://greenjam.co.uk/blog/sling-selectors/

Just a Moment CTF
https://poc.greenjam.co.uk/just-a-moment.html

General XSS jQuery .text()
https://poc.greenjam.co.uk/text-xss.html

URL XSS Challenge
https://poc.greenjam.co.uk/url-xss.html

====== Timestamps ======
(00:00:00) Introduction
(00:04:35) Background and AEM Bug
(00:17:40) Sling Selectors & the Tech Stack
(00:38:14) Permissions & Apache Sling Resolution
(01:01:37) The Bugs & AEM Red Flags
(01:31:55) Moment in Time CTF
(01:40:38) General XSS jQuery .text()
(01:45:45) URL XSS Challenge