Create tinlance-sportybet-api-exposure.yaml to http/secrets/

New detector for sportybet api. Tested with Nuclei v3.x. #newtemplate

Author: LloydCoder

detectors/nuclei/http/secrets/tinlance-sportybet-api-exposure.yaml

@@ -0,0 +1,29 @@
+id: tinlance-sportybet-api-exposure
+
+info:
+  name: SportyBet / BetKing Admin or API Token Leak - Tinlance Detection
+  author: Lloydcoder
+  severity: high
+  description: Catches leaked internal tokens and admin endpoints for popular Nigerian betting platforms.
+  tags: exposure,betting,sportybet,betking,nigeria,tinlance
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - 'Bearer\\s+[A-Za-z0-9-_]{50,}\\.[A-Za-z0-9-_]{50,}\\.[A-Za-z0-9-_]{50,}'
+          - 'token["\']?\\s*[:=]\\s*["\']?eyJ[A-Za-z0-9-_]{100,}'
+      - type: word
+        words:
+          - "sportybet"
+          - "betking"
+          - "bet9ja"
+          - "admin"
+          - "api_token"
+        condition: or
+        case-insensitive: true