Ugly yes, over engineering? no it's what you would have done in PHP in the 90's. Doing the URL thing would need more work (hello .htaccess). Anyway...
Good points: It is semantically correct and self documenting. There is no resource called 300 nested under a resource called 200 so lets not pretend there is. The query string seems perfect for the job of providing size parameters. You can then extend this interface to take other factors you want to affect the image, and keep it backwards compatible. Function over form.
It's using the URL as it was designed. in 21323/200/300, 200 is not a sub-resource of 21323, neither is 300 a sub-resource of 200. Specifying w and k parameters to the request is semantic and engineering accurate to the intent of the user
Good points: It is semantically correct and self documenting. There is no resource called 300 nested under a resource called 200 so lets not pretend there is. The query string seems perfect for the job of providing size parameters. You can then extend this interface to take other factors you want to affect the image, and keep it backwards compatible. Function over form.