On 11 August 2017, I participated in an online lucky draw. Instead of winning some prizes, I stumbled upon two vulnerabilities. It turned out that their CAPTCHA was as poorly implemented; similar to what was reported on the M1 Wireless@SG site and t...