About Us
About Us
History Right Arrow What we Do Right Arrow GS1 Benefits Right Arrow Global Network Right Arrow Our Members Right Arrow Global Standards, Solutions & Technology Committee Right Arrow GS1 Standards Right Arrow
About Us
What we do
Find out more about how we can help you
Read More
Barcodes
Barcodes
Start Here Right Arrow Exclusive benefits Right Arrow Types of barcodes Right Arrow Barcode Estimator Right Arrow Cost & License Right Arrow Buy Barcodes in SA Right Arrow
Barcodes
Start Here
3 Steps to barcode success
Read More
Buy a Barcode
GS1 is the exclusive source of GTIN's & barcodes globally
Read More
2D in Retail
Next generation barcodes.
One scan. Infinite possibilities.
Read More
Industries
Our Industries
Retail Right Arrow Marketplace Right Arrow Food Services Right Arrow Healthcare Right Arrow Transport & Logistics Right Arrow Technical Industries Right Arrow Cannabis Right Arrow
Our Industries
2D in Retail
Next generation barcodes.
One scan. Infinite possibilities.
Read More
Global Traceability Standard for Healthcare
See how GS1 helped to improve traceability standards in the Heathcare industry
Read More
Fashion Retail ROI Calculator
Use the calculator
Download
Solutions
Solutions
Alliance Partners Right Arrow Barcode Estimator Right Arrow Barcode Verification Services Right Arrow Global Data Synchronisation Network Right Arrow Activate Right Arrow Item Measurement Service Right Arrow Traceability Right Arrow Verified by GS1 Right Arrow Sustainabiltiy Programme Right Arrow
Solutions
Activate
Instantly register new GTINs & barcodes online
Read More
Verified by GS1
Trust and efficiency starts with a valid ID from GS1
Read More
Global Data Synchronisation Network (GDSN)
Making product information accessible
Read More
Education & Support
Latest News
Articles Right Arrow Events Right Arrow Media Right Arrow Publications Right Arrow
Helpful Tools
Check digit calculator Right Arrow GPC Browser Right Arrow GTIN Management Standard Decision Tool Right Arrow Verified by GS1 Right Arrow Technical Documentation Right Arrow T&C's Right Arrow
Education & Support
FAQs Right Arrow Glossary Right Arrow GS1 SA Training Services Right Arrow Standards & Guidelines Right Arrow
Education & Support
GS1 Annual Report
Read our latest annual report and archives
Download
The Global Language of Business
Contact Us

While BWAPP is designed to be vulnerable, working with it requires a good understanding of web application security. Here are some key considerations:

The application will create the necessary tables and populate the default user accounts.

| Environment | Default URL | Login Credentials | |--------------|---------------|--------------------| | | http://localhost/bWAPP/login.php | bee / bug | | Docker (Rauthan image) | http://localhost:8080/login.php | bee / bug | | Metasploitable 2 | http://<VM_IP>/bWAPP/login.php | bee / bug | | VulnHub machines | Check VM’s IP | bee / bug (unless noted) | | Online demo | (No official demo) | N/A (self-host only) |

Session IDs are highly predictable, sequential, or based on weak hashes like MD5 without a salt. Attackers can guess valid session IDs to hijack active user sessions without knowing the login password.

Navigate to the directory hosting the application files and open the configuration file: bWAPP/admin/settings.php 2. Verify Database Credentials

Begin with common vulnerabilities like SQL injection and cross-site scripting (XSS). BWAPP provides a user-friendly interface to practice these attacks.

These techniques are for educational purposes only . You should only try them on your own copy of bWAPP or other authorised testing environments. Never attempt such attacks against real‑world applications or without explicit permission.

If bee:bug does not work, your installation might be corrupted, or you might be looking at a different security context (like a proxy login).

bWAPP relies on PHP session cookies to track your authentication status and chosen security level.

The MySQL database service is not running, or the configuration file has incorrect database credentials.

This uses a UNION query to inject a completely fabricated user record containing the SHA‑1 hash of a known password (here "test" ). The application compares the password you submit with this hash, and if they match, you are logged in as admin .

The standard installation of bWAPP uses a single set of default credentials to grant administrative access to the main training portal. bee Default Password: bug

: Always use prepared statements to prevent SQL Injection in login forms.

GS1 South Africa History What we Do GS1 Benefits Global Network Our Members GS1 South Africa Council GS1 Standards
Barcodes Start Here Exclusive benefits Types of barcodes Barcode Estimator Cost & Licence Buy Barcodes in SA
Our Industries Retail Food Services Healthcare Transport & Logistics Technical Industries
Solutions GS1 Activate Verified by GS1 Global Data Synchronisation Network Alliance Partner & Data Controllers List Item Measurement Service Barcode Verification Services Barcode Estimator Traceability Sustainability Programme

© 2026 — Network & Spring

Contact Us FAQs T&Cs Privacy Policy

Report Unethical Behaviour & Fraud