hi is there any list that explains cgi exploits ? i only get loads of names from different directories but i dont understand them.
well just search google for the exploit name hehe, one we used to play with all the time was CGI_Cart, till i wrote up an advisory and everyone and their mother used it and they patched, hehe..
The best way to go about finding whole in CGI programming is learn to program CGI scripts. Once you can understand all of the coding, you can look at the source yourself and find things wrong with it.
or you can jus do what everyone else is doing and get a CGI vulnerability scanner and let it scan like 2000 exploits within minutes for you.