The write up certainly implies SQL injection but it seems pretty unlikely that's true. If the target of a DDOS also had a sqli vuln it's much more likely it'd be exploited directly. It's also very unlikely pastebin has an active sqli given their audience etc.
SQL injection and sending slow queries? Or hammering regular HTTP pages which run slow SQL queries (such as an unoptimised search)?