Update documentation

Author: jheysel-r7

documentation/modules/exploit/multi/http/tomcat_partial_put_deserialization.md

@@ -1,8 +1,8 @@
 ## Vulnerable Application
 This module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality
-that can be exploited with a partial PUT to place an attacker controlled deserialization payload in the work directory.
-For the exploit to succeed, writes must be enabled for the default servlet, and `org.apache.catalina.session.PersistentManager` must be
-configured to use `org.apache.catalina.session.FileStore`.
+that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the
+<tomcat_root_dir>/webapps/ROOT/ directory. For the exploit to succeed, writes must be enabled for the default servlet,
+and `org.apache.catalina.session.PersistentManager` must be configured to use `org.apache.catalina.session.FileStore`.
 
 ## Setup
 Download Ubuntu Server 24:

modules/exploits/multi/http/tomcat_partial_put_deserialization.rb

@@ -130,7 +130,7 @@ def execute_command(cmd, _opts = {})
   def upload_payload(cmd)
     # Generate a random session id
     session_id = Rex::Text.rand_text_alpha(10)
-    # Determine the shell
+    # Determine the shell and register the payload for cleanup
     case target['Platform']
     when ['unix', 'linux']
       shell = 'bash'