diff --git a/lib/core/common.py b/lib/core/common.py
index 8b0447117..fe23b0f18 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2503,7 +2503,7 @@ def decodeIntToUnicode(value):
         try:
             # http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
             if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
-                retVal = getUnicode(struct.pack('B' if value < 256 else '>H', value))
+                retVal = getUnicode(hexdecode(hex(value)))
             elif value > 255:
                 retVal = unichr(value)
             else:
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 0cac47bdb..fb50bbc44 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -203,7 +203,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 
             if continuousOrder and shiftTable is None:
                 # Used for gradual expanding into unicode charspace
-                shiftTable = [5, 4]
+                shiftTable = [2, 2, 3, 3, 5, 4]
 
             if CHAR_INFERENCE_MARK in payload and ord('\n') in charTbl:
                 charTbl.remove(ord('\n'))
@@ -263,7 +263,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                         # Going beyond the original charset
                         elif minValue == maxChar:
                             # If the original charTbl was [0,..,127] new one
-                            # will be [128,..,128*16-1] or from 128 to 2047
+                            # will be [128,..,(128 << 4) - 1] or from 128 to 2047
                             # and instead of making a HUGE list with all the
                             # elements we use a xrange, which is a virtual
                             # list