<i>It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources.</i><p>SQL injection and sending slow queries? Or hammering regular HTTP pages which run slow SQL queries (such as an unoptimised search)?