diff --git a/http/exposures/configs/sftp-credentials-exposure.yaml b/http/exposures/configs/sftp-credentials-exposure.yaml
index 003e7877fc..ef65a29aa1 100644
--- a/http/exposures/configs/sftp-credentials-exposure.yaml
+++ b/http/exposures/configs/sftp-credentials-exposure.yaml
@@ -1,17 +1,24 @@
 id: sftp-credentials-exposure
 
 info:
-  name: SFTP Credentials - Detect
-  author: sheikhrishad
+  name: SFTP Configuration File - Credentials Exposure
+  author: geeknik,sheikhrishad
   severity: high
-  description: SFTP credentials were detected.
+  description: SFTP configuration file was detected.
+  reference:
+    - https://blog.sucuri.net/2012/11/psa-sftpftp-password-exposure-via-sftp-config-json.html
+    - https://www.acunetix.com/vulnerabilities/web/sftp-ftp-credentials-exposure/
+    - https://codexns.io/products/sftp_for_sublime/settings
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-200
   metadata:
-    max-request: 2
-  tags: config,ftp,exposure
+    verified: true
+    max-request: 1
+    github-query: filename:sftp-config.json
+  tags: sftp,config,exposure
+
 
 http:
   - method: GET
@@ -19,17 +26,21 @@ http:
       - "{{BaseURL}}/sftp-config.json"
       - "{{BaseURL}}/ftpsync.settings"
 
-    matchers-condition: and
     matchers:
       - type: word
+        part: body
+        words:
+          - '"host":'
+          - '"user":'
+          - '"password":'
+          - '"remote_path":'
+        condition: and
+
+      - type: word
+        part: body
         words:
           - "file_permissions"
           - "extra_list_connections"
-        part: body
         condition: and
 
-      - type: status
-        status:
-          - 200
-
 # digest: 490a0046304402203f263c62f9ae4c046a15db1732fe5077f0b842a952de7e923fdf6ea98f3c07c502206a4b685f97187b95637b84057b5e4c86a4b3d9bd4b772631528dd49cf401b8ed:922c64590222798bb761d5b6d8e72950