{"title":"Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack","authors":"A. Liban, Shadi M. S. Hilles","doi":"10.1109/ICSGRC.2014.6908694","DOIUrl":null,"url":null,"abstract":"Securing the database against frequent attacks is a big concern; attackers usually intend to snitch private information and damage databases. These days, web applications are widely used as a meddler between computer users. Web applications are also used mostly by e-commerce companies, and these types of applications need a secured database in order to keep sensitive and confidential information. Since Blind SQL injection attacks occurred as a new way of accessing database through the application rather than directly through the database itself, they have become popular among hackers and malicious users. Many detection tools are developed to handle this problem but they have limitations. This study enhances SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks (MYSQL Injector) using time-based attack with Inference Binary Search Algorithm. It covers four types of blind SQL injection attacks, true/false, true error, time-based and order by attacks. This tool will automate the process of the blind SQL injection attacks to check the blind SQL injection vulnerability in the PHP-based websites that use MySQL databases. Forty four vulnerable websites and thirty non vulnerable websites were tested to ensure the accuracy of the tool. 
The result shows 93% accuracy for detecting the vulnerability while MySQL injector performs 84%.","PeriodicalId":367680,"journal":{"name":"2014 IEEE 5th Control and System Graduate Research Colloquium","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack\",\"authors\":\"A. Liban, Shadi M. S. Hilles\",\"doi\":\"10.1109/ICSGRC.2014.6908694\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Securing the database against frequent attacks is a big concern; attackers usually intend to snitch private information and damage databases. These days, web applications are widely used as a meddler between computer users. Web applications are also used mostly by e-commerce companies, and these types of applications need a secured database in order to keep sensitive and confidential information. Since Blind SQL injection attacks occurred as a new way of accessing database through the application rather than directly through the database itself, they have become popular among hackers and malicious users. Many detection tools are developed to handle this problem but they have limitations. This study enhances SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks (MYSQL Injector) using time-based attack with Inference Binary Search Algorithm. It covers four types of blind SQL injection attacks, true/false, true error, time-based and order by attacks. This tool will automate the process of the blind SQL injection attacks to check the blind SQL injection vulnerability in the PHP-based websites that use MySQL databases. Forty four vulnerable websites and thirty non vulnerable websites were tested to ensure the accuracy of the tool. 
The result shows 93% accuracy for detecting the vulnerability while MySQL injector performs 84%.\",\"PeriodicalId\":367680,\"journal\":{\"name\":\"2014 IEEE 5th Control and System Graduate Research Colloquium\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 5th Control and System Graduate Research Colloquium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSGRC.2014.6908694\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 5th Control and System Graduate Research Colloquium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSGRC.2014.6908694","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack
Securing the database against frequent attacks is a big concern; attackers usually intend to snitch private information and damage databases. These days, web applications are widely used as a meddler between computer users. Web applications are also used mostly by e-commerce companies, and these types of applications need a secured database in order to keep sensitive and confidential information. Since Blind SQL injection attacks occurred as a new way of accessing the database through the application rather than directly through the database itself, they have become popular among hackers and malicious users. Many detection tools have been developed to handle this problem, but they have limitations. This study enhances an SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks (MYSQL Injector) using a time-based attack with the Inference Binary Search Algorithm. It covers four types of blind SQL injection attacks: true/false, true error, time-based and order-by attacks. This tool will automate the process of the blind SQL injection attacks to check the blind SQL injection vulnerability in PHP-based websites that use MySQL databases. Forty-four vulnerable websites and thirty non-vulnerable websites were tested to ensure the accuracy of the tool. The result shows 93% accuracy for detecting the vulnerability while MySQL injector performs 84%.