cross cross
cross



Book & Analyze

Ad8Hoarding

Hoarding & Fixed Media Advertising Platform

Ad8OOH

Avenue & Movable Media Advertising Platform

8DigiAd

Book ads on Digital Screens & LCDs

Ad8Mobi

Mobile Advertising Platform

Ad8Paper

Newspaper Advertising Platform

Ad8Radio

Radio Advertising Platform

Ad8TV

Television Advertising Platform

Ad8Social

Book Ads for Web Presence & on Social Media

Search & Explore

Calci

Search Engine for Ad spaces

Pages

Empowers ad sellers with online presence

8Surface

Do-It-Yourself tool for creating ad designs

Ambicode

Allocating adspaces with universal codes

Search Seller

Search engine for ad spaces sellers

InventMyAd

Create & Design Advertisement Campaign

Console

Single dashboard to monitor all campaigns

Get Analytics

ARP

Real time rating & analytics for ad spaces

AnalyzeMyAd

Analyze & Strategize Advertisement Campaign

Ambicash

Blockchain based solution for mobile ad analytics

Boost

Re-targeting and Identifying TV and Radio Analytics

VIA

Visibility scoring for Outdoor & OOH ad media

Social Media Listening

See whats trending on Social Media

For Sellers

Ad8Hoarding

Hoarding & Fixed Media Advertising Platform

Ad8OOH

Avenue & Movable Media Advertising Platform

8Digiad

Book ads on Digital Screens & LCDs

Ad8Mobi

Mobile Advertising Platform

Ad8Paper

Newspaper Advertising Platform

Ad8Radio

Radio Advertising Platform

Ad8TV

Television Advertising Platform

Ad8Plan

Manage Inventory & Lead Generation for media sellers

IOT & AI

Listen

Identify Radio ad audience with audio QR codes

Adify

AI based personal Assistant to plan, book & manage your ads

Pixel

Identify and re-target TV ads to viewers on other ad mediums

Box

Big data solution for retargeting TV and Radio ads to mobile devices

Grow Your Business

Zeedback

Get feedback and generate surveys for your ad viewers and clients

8Chat

Professional Networking for Marketing professionals

Clicko

Single platform for social media management

Others

Ambloan

Get working capital Loans for your marketing campaigns

Ambsure

Insure your Marketing campaigns against uncertainties

We are currently in development mode. The bug bounty program will be live on 2nd January 2022.

BUG BOUNTY

About the Program

Admybrand has initiated bug bounty program to acknowledge and improve our website & products and to address potential security threats with help of developers and security enthusiasts of the ecosystem, for which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. Admybrand invites independent security groups and individual researchers to study our websites and products across all platforms and help us make it even safer  and better for our customers.

If you believe that you have found a security vulnerability on Admybrand (or on another member of the Admybrand companies), we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review this page, including our responsible disclosure policy, reward guidelines and things that should not be reported. If you still feel that the problem you want to report is genuine, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible. For Security related bugs/vulnerabilities, we offer reward and recognitions as mentioned below.

Though we welcome reporting of non-security issues and product improvement related suggestions at [email protected], please note that only genuine security issues are eligible for rewards and not all suggestions for improvement of product can be implemented from our side.

Responsible disclosure policy

If you comply with the policies below when reporting a security issue to Admybrand, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. We ask that:

  • You give us reasonable time to investigate and mitigate an issue that you report before making any information about the report public or sharing such information with others.
  • You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.
  • You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) unauthorised access to or destruction of data, and interruption or degradation of our services.
  • You do not exploit a security issue that you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)
  • You do not intentionally violate any other applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorised access to data.
  • For the purposes of this policy, you are not authorised to access user data or company data, including (but not limited to) personally identifiable information and data relating to an identified or identifiable natural person.
  • Bug bounty Terms

  • Adhere to our responsible disclosure policy (see above).
  • Report a security bug: identify a vulnerability in our services or infrastructure which creates a security or privacy risk.
  • Your report must describe a problem involving one of the products or services listed under "Bug bounty scope"
  • We specifically exclude certain types of potential security issues; these are listed under "Ineligible reports and false positives"
  • Submit your report via our "Report a security vulnerability" form (one issue per report) and respond to the report with any updates. Please do not contact employees directly or through other channels about a report.
  • If you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations or other confidential information) while investigating an issue, you must disclose this in your report.
  • Use test accounts when investigating issues. If you cannot reproduce an issue with a test account, you can use a real account (except for automated testing). Do not interact with other accounts without consent.
  • In turn, we will follow these guidelines when evaluating reports under our bug bounty program.

  • We investigate and respond to all valid reports. Due to the volume of reports that we receive, however, we prioritise evaluations based on risk and other factors, and it may take some time before you receive a reply.
  • We determine bounty amounts based on a variety of factors, including (but not limited to) impact, ease of exploitation and quality of the report. If we pay a bounty, the minimum reward is INR 500. Note that extremely low-risk issues may not qualify for a bounty at all.
  • We aim to pay similar amounts for similar issues, but bounty amounts and qualifying issues may change over time. Past rewards do not necessarily guarantee similar results in the future.
  • In the event of duplicate reports, we award a bounty to the first person to submit an issue. A given bounty is only paid to one individual. You may donate a bounty to a recognised charity and we double bounty amounts that are donated in this way.
  • We reserve the right to publish reports (and accompanying updates).
  • We publish a list of researchers who have submitted valid security reports. You must receive a bounty to be eligible to be included in this list, but your participation is then optional. We reserve the right to limit or modify the information accompanying your name in the list.
  • Bug bounty Scope

  • Admybrand.com
  • 8hoarding / ad8hoarding.com
  • Ad8tv.com
  • Ad8mobi.com
  • Ad8radio.com
  • Ad8paper.com
  • Ad8ooh.com
  • Analyzemyad.com
  • Inventmyad.com
  • Admybrand apps on Playstore like 8chat, Listen etc.
  • Admybrand products hosted on subdomains of admybrand like calci, adify, ARP etc.
  • Acquired companies of Admybrand like Zeedback.com
  • Guidelines to Report a bug

  • Don't violate the privacy of other users, destroy data, disrupt our services, etc.
  • Only target your own accounts in the process of investigating any bugs/findings. Don't target, attempt to access, or otherwise disrupt the accounts of other users.
  • Incase you find a severe vulnerability that allows system access, you must not proceed further.
  • Disclosing bugs to a party other than Admybrand is forbidden, all bug reports are to remain at the reporter and Admybrand’s discretion. Threatening of any kind will automatically disqualify you from participating in the program.
  • Exploiting or mis-using the vulnerability for own or others benefit will automatically disqualify the report.
  • In general, please investigate and report bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or our users. Otherwise your actions might be interpreted as an attack rather than an effort to be helpful.

    Eligibility

    Generally speaking, any bug that poses a significant vulnerability could be eligible for reward. But it's entirely at our discretion to decide whether a bug is significant enough to be eligible for reward.

  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Code Executions
  • SQL injections
  • Server Side Request Forgery (SSRF)
  • Privilege Escalations
  • Authentication Bypasses
  • File inclusions (Local & Remote)
  • Protection Mechanism bypasses (CSRF bypass, etc.)
  • Leakage of sensitive data
  • Directory Traversal
  • Payment manipulation
  • Administration portals without authentication mechanism
  • Open redirects which allow stealing tokens/secrets
  • Ineligibility

    Things that are not eligible for reward include:

  • Application stack traces (Path disclosures, etc.)
  • Self-type Cross Site Scripting
  • Denial of Service attacks
  • CSRF issues on actions with minimal impact
  • Brute force attacks
  • Security practices (banner revealing a software version, etc.)
  • Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website.
  • Vulnerabilities contingent on physical attack, social engineering, spamming, DDOS attack, etc.
  • Vulnerabilities affecting outdated or unpatched browsers / Operating Systems.
  • Vulnerabilities in third party applications that make use of Kraken's API.
  • Bugs that have not been responsibly investigated and reported.
  • Bugs already known to us, or already reported by someone else (reward goes to first reporter).
  • Issues that aren't reproducible.
  • Issues that we can't reasonably be expected to do anything about.
  • False positives

  • Open redirects. Any redirect using our "linkshim" system is not an open redirect.
  • Sending messages to anyone via 8CHAT app
  • Non-case-sensitive passwords. We accept the "caps lock" version of a password or a password with the first character capitalised to avoid login problems.
  • Rewards

  • The minimum reward for eligible bugs is the equivalent of INR 1000 gift voucher which will be transferred to your bank account directly or can be awarded in form of gift vouchers.
  • We will provide with only one reward per bug
  • Reward will be finalized within 30 days from date of reporting of bug on this portal.
  • How to Report a Bug?

  • Fill the form (Findings reported by other ways will not be acknowledged).
  • Include as much information in your report as you can. Ideally, a description of your findings, the steps needed to reproduce it, and the vulnerable component (i.e. API endpoint, etc.)
  • If you need to share screenshots / videos for PoC, please upload to your own Google Drive or any other upload service and share with us the links to those files in the form or you can mail us at [email protected] with subject: 'Bugbounty: reporting an issue'
  • Include your correct name and email address so we can reach out to you.
  • While reporting an issue via email, please include following details Bug type, Description of the bug, Steps to reproduce the bug, Domain/subdomain and URL / endpoint / API details.