The host header specifies which website or web application should process an incoming HTTP request. The web server uses the value of this header to dispatch the request to the specified website or web application.
if we take the example of SharePoint that can host multiple sites through the same IP. according to the hostname (host header), the request user is FW to the right site/app.
By using this attack, we can check whether the host is properly validated or not (Owasp rank: A6 (Security Misconfiguration)).