Try to catch the XSS

Payload length: 11 chars

No brute force please, there is no need