Well it depends is this made in microsoft frontpage if so then you can use a google query serach and i think its inurlwd which will list the ftp username and password to that website the password is DES encryption download a program to decrypt it.

As for the sql injection read up on my tutorial on detecting if the server is sql vunerable