Thanks for all the tips you have given me, I did try many of them but sadly I failed achieving what I wanted to do. I'll probably look at it again later but for now I'm moving on to something else.

Yes, I did find the DB cred and while I can use them to get or insert data, I still want to exploit the SQL injection (if any). The reason is that I want to be thorough in my pen testing. magic_quotes_gpc is a deprecated flag so even if the SQLi are not exploitable right now they might be in the near future. I consider this a vulnerability and I'ld like to prove to the client that it is dangerous. He might not see the need to fix it if I cannot exploit them, hence the reason I'm asking for help. So far I've been unsuccessful with everything I tried.

Hello, I am currently pen testing a web application and I am stuck in the middle of a vulnerability. I am looking for tips or idea to move on in my exploitation.

I can upload any files on the web server in a writable directory (including .phps) and run them. This allowed me to get a reverse shell on the web server, but it runs with the rights of the web server. The thing I want to do is turn off the magic_quotes_gpc flag from php, because i am sure it hides some SQL injection flaws.

I need to accomplish 2 steps to do that:
1- modify php.ini
2- restart the apache server

The current rights I have are not enough to do either of those steps. The only vulnerability I found on the server that could be used for my purpose is this one CVE-2009-1195, however the web server does not seem to allow .htaccess files so right now I am out of ideas. Anyone has an idea of what I could try ?

Thanks,