Exploiting File Upload Vulnerability for images embedded as src="data:image/jpeg;base64"

Hi there,

every now and then I stumble over web apps that are based on JavaScript / JSON frameworks. There is a functionality to upload images, which I can bypass to upload a shell or other file types.

However, when displaying the image via the web app, the image is embedded usually in the following way:

<img src="data:image/jpeg;base64,/9j/4AAQ....">

Do you see any way to exploit this anyway? So far, I have been capturing the HTTP requests to check from which directory the file has been pulled from and try to access the file directly from there.