Try to catch the XSS

Payload length: 22 chars

No brute force please, there is no need