diff --git a/http/exposures/configs/sphinxsearch-config.yaml b/http/exposures/configs/sphinxsearch-config.yaml
new file mode 100644
index 0000000000..24000edc6b
--- /dev/null
+++ b/http/exposures/configs/sphinxsearch-config.yaml
@@ -0,0 +1,36 @@
+id: sphinxsearch-config
+
+info:
+ name: Sphinx Search configuration file containing SQL credentials
+ author: gtrrnr
+ severity: high
+ description: sphinx.conf file contains SQL credentials and is publicly accessible.
+ impact: |
+ An attacker can use leaked credentials to gain access to database.
+ reference:
+ - https://github.com/manticorp/SphinxSearch/blob/master/sphinx.conf.example
+ metadata:
+ max-request: 7
+ tags: sphinx,sphinxsearch,exposure
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/config/development.sphinx.conf"
+ - "{{BaseURL}}/config/production.sphinx.conf"
+ - "{{BaseURL}}/configs/sphinx.conf"
+ - "{{BaseURL}}/search/configs/sphinx.conf"
+ - "{{BaseURL}}/sphinx.conf"
+ - "{{BaseURL}}/sphinx/sphinx.conf"
+ - "{{BaseURL}}/sphinxsearch/sphinx.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "sql_user"
+
+ - type: status
+ status:
+ - 200
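Review bot: The word matcher at the end of the template fires on any 200 response whose body contains `sql_user`. That does not show the file is a Sphinx configuration or that it holds a password, although the name and description report leaked SQL credentials at severity high. Requiring the companion source directives as well would cut false positives from documentation pages and catch-all 200 responses: add `- "sql_host"` and `- "sql_pass"` under `words` and set `condition: and` on that matcher. Setting `stop-at-first-match: true` on the request would stop probing the remaining six paths after a hit. An `info.remediation` line would also tell the reader how to act on the finding: keep `*.conf` out of the web root or deny it at the server, and rotate the exposed database password.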