I think he has used the CtrlC/CtrlV method to insert the evil code inside the database with is an apparently simple HTTP_POST access (as fluffy lobster assumes).
But we have to consider if it is really useful, because the process needs some other methods like:
WinD, OpticSearch, mouseMove, 2xClick with a low delay (not always easy), a careful SelectDrag, CtrlC, AltTab, OpticSearch (to correctly place the target-pointer), mouseMove&Click and finally CtrlV.
(AltTab is a formal method, you can use OpticSearch -> mouseMove&Click instead)
It depends then on the third server's reliability that the (hopefully correct) image is showed (remember that some servers don't let others to 'steal' images).
This process is simple for a lot of data... but not always easy to prepare.
On older computers the WinD method doesn't even exist which would need a high number of OpticSearch -> mouseClick to locate the data source.
I personally prefer writing the URLs on post-its and stick them onto the screen
/ –
