by robtoo 5437 days ago
It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources.

SQL injection and sending slow queries? Or hammering regular HTTP pages which run slow SQL queries (such as an unoptimised search)?

1 comment

The write-up certainly implies SQL injection, but it seems pretty unlikely that's true. If the target of a DDoS also had a SQLi vuln, it's much more likely it'd be exploited directly. It's also very unlikely pastebin has an active SQLi given their audience etc.