Shopping Cart is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application.
Can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
Contains dozens of vulnerabilities providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiast, classroom labs, and vulnerability assessment tool targets. Shopping Cart has been tested/attacked with Acunetix, Kali Linux, W3AF, SQLMAP, Samurai WTF, Backtrack, Burp-Suite, NetSparker, and other tools.
If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Shopping Cart is for you.