Alexander, 2019-08-18 07:44:20

How do I create a site that checks passwords against leaks?

Hello everyone, can I learn how to create a site like https://haveibeenpwned.com/? What stack should I use?


3 answer(s)
Andrew, 2019-08-18
@Notfoundforever

I don't understand how the server looks up the value in the database. Or where does it upload all this to?

It takes a hash of the password and looks for the same hash in the database.
Password hashes get into the database by searching for leaked passwords in the public domain (and not only there); they are then imported into the service database.
The author of this service is Troy Hunt.
Here is his blog:
https://www.troyhunt.com/project-svalbard-the-futu...
Here, many write that it is better not to trust such services, and in general they are right.
But regarding haveibeenpwned, it is possible to download a dump of the password hashes (SHA-1, NTLM); the emails are not there, for obvious reasons:
haveibeenpwned.com/Passwords (at the bottom of the page).
After downloading, you can load it into your own database, generate a hash of the password in question, and search for a match in the database.

rPman, 2019-08-18
@rPman

The site does not look for anything; the administrator searches for databases of leaked passwords and adds them manually (from themed sites, or even on his own). The logic of the site, as I understand it, is primitive: check whether a login is present in the database and record the fact of the check (it is possible to do something to detect automated systems that enumerate logins and clog the log with garbage). Design and layout take longer than the backend.
P.S. This particular haveibeenpwned.com looks like a scam site: you type in any email and you get "Oh no - pwned!" Surely the next step is that it offers you something to download, 100% a Trojan.
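Putting the two answers together (hash the password, import the downloadable list into your own database, look the hash up, and record and throttle the checks so bots cannot fill the log), here is an added example in Python. It is not code from haveibeenpwned.com or from either answerer. Assumptions, all labelled in the code: the downloaded list is a text file with one `UPPERCASE-SHA1-HEX:COUNT` line per password; the sample lines are constructed here with made-up counts (the hashes themselves are genuine SHA-1 digests of the listed strings); SQLite is used as the store. It goes one step beyond the text by also showing a prefix range lookup, so that a client sends only the first five hex characters of the hash and matches the rest locally, which is the scheme the real Pwned Passwords API uses and is the practical answer to "better not to trust such services with your password".

```python
"""Offline lookup of a password against a downloaded "pwned passwords" list.

Added example, not code from haveibeenpwned.com or from the answers above.
Assumed list format: one "UPPERCASE-SHA1-HEX:COUNT" line per password.
"""
import hashlib
import sqlite3
import time
from collections import defaultdict, deque

# Constructed sample (assumption): real SHA-1 digests of these strings, invented counts.
SAMPLE_PLAINTEXTS = [("password", 3730471), ("123456", 23597311),
                     ("qwerty", 3946737), ("letmein", 1234)]


def sha1_hex(password: str) -> str:
    """Hash the way the list does: SHA-1 over the UTF-8 bytes, upper-case hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_sample_dump() -> str:
    """Render the constructed sample in the assumed HASH:COUNT line format."""
    return "".join(f"{sha1_hex(p)}:{c}\n" for p, c in SAMPLE_PLAINTEXTS)


def parse_dump_lines(lines):
    """Yield (hash, count); skip blank or malformed lines instead of aborting a huge import."""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        digest, sep, count = line.partition(":")
        if sep != ":" or len(digest) != 40 or not count.isdigit():
            continue
        yield digest.upper(), int(count)


def import_dump(conn: sqlite3.Connection, lines, batch: int = 50_000) -> int:
    """Stream the dump into an indexed table in batches; returns rows imported."""
    conn.execute("CREATE TABLE IF NOT EXISTS pwned (hash TEXT PRIMARY KEY, count INTEGER NOT NULL)")
    rows, imported = [], 0
    for row in parse_dump_lines(lines):
        rows.append(row)
        if len(rows) >= batch:
            conn.executemany("INSERT OR REPLACE INTO pwned VALUES (?, ?)", rows)
            imported += len(rows)
            rows.clear()
    if rows:
        conn.executemany("INSERT OR REPLACE INTO pwned VALUES (?, ?)", rows)
        imported += len(rows)
    conn.commit()
    return imported


def pwned_count(conn, password: str) -> int:
    """Full-hash lookup as described in the answer; 0 means not in the list."""
    row = conn.execute("SELECT count FROM pwned WHERE hash = ?", (sha1_hex(password),)).fetchone()
    return row[0] if row else 0


def range_lookup(conn, prefix: str):
    """Server side of a prefix query: all (suffix, count) whose hash starts with 5 hex chars.
    The upper bound prefix+'G' sorts after every hex digit, so the primary-key index is used."""
    prefix = prefix.upper()
    if len(prefix) != 5 or any(ch not in "0123456789ABCDEF" for ch in prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    rows = conn.execute("SELECT hash, count FROM pwned WHERE hash >= ? AND hash < ? ORDER BY hash",
                        (prefix, prefix + "G")).fetchall()
    return [(h[5:], c) for h, c in rows]


def pwned_count_via_prefix(conn, password: str) -> int:
    """Client side: only the first 5 hex chars leave the client; the rest is matched locally."""
    digest = sha1_hex(password)
    for suffix, count in range_lookup(conn, digest[:5]):
        if suffix == digest[5:]:
            return count
    return 0


class CheckLog:
    """Records every check and refuses a client that exceeds `limit` checks per `window` seconds."""

    def __init__(self, limit: int = 10, window: float = 60.0):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)
        self.entries = []  # audit trail: (timestamp, client, allowed)

    def allow(self, client: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        hits = self._hits[client]
        while hits and now - hits[0] >= self.window:  # drop hits outside the sliding window
            hits.popleft()
        allowed = len(hits) < self.limit
        if allowed:
            hits.append(now)
        self.entries.append((now, client, allowed))
        return allowed


def load_sample_db() -> sqlite3.Connection:
    """In-memory database filled from the constructed sample dump."""
    conn = sqlite3.connect(":memory:")
    import_dump(conn, build_sample_dump().splitlines())
    return conn
```

Against a real download, replace `build_sample_dump().splitlines()` with the open file object so the import streams line by line; the batch insert and the primary-key index are what keep a multi-gigabyte import and the subsequent lookups fast. `CheckLog` is the "record the fact of the check" part of the second answer: keying it on the client rather than on the looked-up value lets you spot enumeration without storing anything about the passwords checked.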
