I think the idea was to trigger a request to the specified URL by passing it as the query string. But the search tool doesn't appear to work that way. Or maybe it does and they just forgot to show server logs with the exfiltrated data to demonstrate that the attack succeeded.