If you want to seek out historical information about RS bug abuse, I would start with googling Tainted Ones. They were the prolific bug abuse group back in the day and published some information about minor bugs. Keep in mind that it is in the best interest of bug abusers to not publicly disclose details of their exploits.
From what I know, a lot of bugs are the result of executing smaller disparate bugs that otherwise on their own don’t have much utility. A common reoccurring exploit you’ll read about is “stalling” of actions in order to execute code server side in a way that was not intended by developers.
If you have a coding/QA background and/or some idea of how the RS engine and game loop works (a lot of stuff is open source these days thanks to decades of reverse engineering) then exploitation is just a matter of time investment and persistence.