It works because you're lucky. Writing past the end of a buffer is a good way to damage the data following that buffer and cause your program to blow up in nasty ways.
Actually you were lucky even the first time. Sizeof returns the size of the variable's type, which is a pointer, NOT the length of the string. And even if you'd used strlen(string1) you'd have to also add 1 to allow space for the null character which terminates the string.
C will let you shoot your own feet off. It's your responsibility to make sure you don't, and/or to run additional tests on your code using tools like lint
to catch some of the errors other languages always check for. (Or run your compiler at higher warning levels.)
On the flipside, being able to cheat in C when you really do want to is one of the things which makes it powerful -- like assembler code, if you know what you're doing, you can break the rules to do things that would otherwise be difficult to impossible. It's a sharp knife. Be careful to know what's around you in case it slips.