Try to catch the XSS
Payload length: 22 chars
No brute force please, there is no need