Hi there,
every now and then I stumble over web apps that are based on JavaScript / JSON frameworks. There is a functionality to upload images, which I can bypass to upload a shell or other file types.
However, when displaying the image via the web app, the image is embedded usually in the following way:
<img src="data:image/jpeg;base64,/9j/4AAQ....">
Do you see any way to exploit this anyway? So far, I have been capturing the HTTP requests to check from which directory the file has been pulled from and try to access the file directly from there.