Hey, if after our last couple of posts, you feel like your SQL fu is up to snuff and want to get your hands on a real vulnerable web app that maybe doesn't have the answers all leaked out, then check this out.
Head on over to http://csis.pace.edu/~lchen/sweet and download the vulnerable app they're hosting in VM or Virtualbox format. Stand up that server and follow these two guides, 5 - Security Testing and 6 - Vulnerability Management .
The Ubuntu web server is running BadStore, which you can alternately register for and download here: http://www.badstore.net Either way, you're going to be able to run SQL Injection and XSS vulns against this web app and database.
Try it out!