Try to catch the XSS
Payload length: 0 chars
No brute force please, there is no need